ActiveOps Limited

ActiveOps Workware: Physical and Digital Operations Management, Optimisation and Reporting Suite

Underpinning leading financial and government organisations, BPOs and Shared Services globally, Workware is a cloud-based SaaS application, driving optimised performance in any physical/digital operations environment. Alongside BPM/workflow/digital platforms and supporting change/improvement initiatives, Workware provides visual, real-time productivity/utilisation data for people and robotic resource, enabling exceptional planning, efficiency and control.


  • Real-time performance, volume, productivity, utilisation data at any business/individual level
  • Visual dashboards/reporting of usage and efficiency of people/digital resource
  • Sophisticated forecasting, capacity planning, resource, skill and load balancing
  • Trend, business event or change impact analysis and predictions
  • Targeted analytics, diagnostic and behavioural rigour reporting suite
  • End-to-end process cost, effort, value, Lean, Continuous Improvement analytics
  • Supporting methodology, coaching, behavioural change, management consultancy and best practice
  • Operational deployment/benchmarking within two weeks, results within one month
  • Role-based permissions and remote accessibility, mobile/tablet functions
  • Up to 100% platform availability and 24/7 support


  • Sustainable 15-25%+ productivity and throughput improvement achieved within months
  • Easy identification/release of latent capacity for reinvestment, growth, cost-efficiency
  • Exceptional control over Service performance, staff engagement, overtime and failure-reduction
  • Behaviour transformation, knowledge/skills sharing, collaboration, visibility, consistency, control
  • Support digital transformation, Lean, Six Sigma, Continuous Improvement initiatives (LCS-accredited)
  • Identify RPA/BPM opportunity, internal/external failure demand, non-value-add activity, cost drains
  • Enabling data-backed decisions about balancing, recruitment, skilling, overtime, diverted activity
  • Single management view of work/capacity and people/robots independent of systems/complexity
  • Complimenting, enabling, measuring change in BPM, workflow, robotic, manual processes
  • IT-light, cloud-based solution, with typical ROI within 6-12 months


£91 to £644 per licence per year

  • Free trial available

Service documents


G-Cloud 11

Service ID

5 1 8 4 0 4 9 8 7 0 1 6 2 4 8


ActiveOps Limited

Jane Haywood


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Planned scheduled monthly maintenance cycle completed out of hours less than 30 mins monthly).
System requirements Browser: IE11, Edge, Chrome or Firefox supported

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Incident and issues response and resolution times defined based on severity: P1- Major Impact – Acknowledge in 1 hour, Workaround 12 hours; P2 - High Impact – Acknowledge in 1 hour, Workaround 48 hours; P3- Medium Impact – Acknowledge in 24-hour, Workaround Reasonable and agreed; P4- Low Impact – Acknowledge in 48-hour, Workaround Reasonable and agreed. Helpdesk availability is 08:00 - 18:00 GMT (Monday to Friday) excluding UK national holidays. ActiveOps operates a 24x7x365 out-of-hours support for P1 and P2 incidents. Clients can reach a member of the Customer Services Team by calling the client’s nominated support centre phone number.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Onsite support
Support levels ActiveOps customers have access to a 24/7 telephone support line with an on-call engineer for critical breakages and severe impact issues only.
For all service issues a telephone, email and ticket support desk operates within standard hours of Monday to Friday 08:00-18:00. The support desk should also be used for severe and critical issues during these standard hours.

The support levels/mechanisms described above are included in the standard pricing, and not at an extra cost.

Account management is provided by a dedicated point of contact per customer, who will liaise with technical, financial or other contacts internally as needed. In addition, the technical support management team is available to all customers for escalation where needed.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide onsite training, online training and user documentation. We also offer off site training.

Fast deployment of Workware software is supported by a programme of coaching, on-the-job skills training and embedding of best practices. This includes usage of the software for all roles, interpretation and use of the data and reporting, and operational forecasting, planning and rigour coaching.

On-site operational coaches will work with team management, operational and senior management and floor staff to ensure maximum value is achieved.

Optional additional certification for members of staff as champions or practitioners of Active Operations Management methodology is offered.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction We will provide extracts of data in a mutually agreed format at the time.
End-of-contract process Reasonable assistance with data extraction.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Specific performance reports and dashboards are available for managers to monitor remotely via a mobile device (i.e. smartphone), allowing visibility when needed for travelling stakeholders. Data entry (using RTM) is available to users. Full Workware functionality is available on tablet screen size or higher.
Service interface No
What users can and can't do using the API API referred to as "Connect", accepts feeds of activity data for existing users to enable the input of work items / data from external systems.

User creation and other associated user changes can be carried out by automated "robots".
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Organisation structure, hierarchy, teams, processes, tasks and timings are customisable, to allow for the nuances and complexities of individual environments and services.

ActiveOps will work with the buyer organisation to set up these specifics for their environment at the start of deployment, with authorised managers or administrators being trained to be able to add, delete or change tasks, processes and structures as necessary going forward.
All dashboards, reports and functions are available out-of-the-box and are automatically plugged in with the customised data structure at the start. Any changes to tasks, teams or business structure are automatically fed through into reports and dashboards, with no requirement to reconfigure or rebuild.

Individual users are also able to customise their application interface for usability preference on an ongoing basis, for example to see items/tasks they use most first, or to hide what they do not need to use.


Independence of resources Performance is monitored constantly and capacity planned and reviewed as necessary. Infrastructure is segregated by client where contractually mandated or where we deem it appropriate for performance reasons, otherwise by region with load actively managed to ensure no adverse impacts.


Service usage metrics Yes
Metrics types Metrics provided by account management team on request, including usage statistics (number of users, number of tasks logged, average tasks per user), performance (average page response time), incidents (number, severity, time to respond and time to resolution) and per-customer comparisons of outcomes against industry norms.
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach In areas of the software where user export would be relevant, we provide the ability to export data to CSV/Excel format from within the application.
Data export formats
  • CSV
  • Other
Other data export formats Excel (XLS/XLSX)
Data import formats
  • CSV
  • Other
Other data import formats Excel (XLS/XLSX)

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Event: Fail-over incident declared in Primary Data Centre.
Recover service in Primary Data Centre – Service Availability Target = 99.8%, RTO = 4 Hours, RPO < 1 minute

Event: Disaster Recovery declared in Primary Data Centre.
Recover service in Secondary Data Centre RTO = 12 hours, RPO < 15 minutes
Approach to resilience Application hosted on load-balanced web servers and SQL Always-On clusters, on Windows Azure in independent fault and update domains which provide redundant hardware and fault-tolerance with redundant power, connectivity and cooling.

Further details available on request.
Outage reporting Alerts by email, with telephone follow-up for severe outages.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Management interfaces within the application are rights-controlled within the application itself, anditself and secured by username & password.

Support channels are available for all application users to access; the support team will route any ticket which requires the disclosure of data or extension of privileges to appropriate client contacts for authorisation.

Management access by our staff is via VPN and secured by 2FA, and actions are audited.

Note that our application does not hold any data which would be considered sensitive or confidential.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 DAS Certification (part of SN Registrars (Holdings) Ltd
ISO/IEC 27001 accreditation date 13/07/2018
What the ISO/IEC 27001 doesn’t cover Nothing relevant to the service provision.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Regular internal audits coordinated by and reporting to our Chief Security Officer, who in turn reports to Chief Technology Officer, who sits on exec board.

External audits to ISO/IEC27001:2013 as required by standard.

Development processes are aligned to OWASP guidelines, regular training to all staff on GDPR, InfoSec and other content appropriate to role.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Production system changes require a change requests must be risk assessed and approved by the Change Advisory Board (CAB) and must successfully exit the UAT test process. Production software will have completed a normal development and packaging release cycle, be independently installed and tested in a User Acceptance Test (UAT) environment (which is based on a production environment configuration) and finally deployed to Production where it's first customer is ActiveOps. Microsoft Windows Operating system patching follows a similar UAT testing process prior to deployment on the Production systems. Product lifecycle management operates for all software components. ISO27001:2013 controls (A12/A14/A15).
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach ActiveOps use Dark Trace for real time monitoring, detection and response to events. The Microsoft Azure Global Service platform provides monitoring and protection against known attacks, including against the virtual infrastructure. Critical/high impact Microsoft patches deployed once they are released. Threat information provided by Microsoft (ActiveOps is a Microsoft Gold Partner), Sophos (anti-virus/malware solution) and other resources monitored. Site24x7 used to monitor and detect capacity issues in real time.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach ActiveOps use Dark Trace for real time monitoring, detection and response to events. Firewall logs, Windows Server Security log, Windows Server Application logs, IIS logs, Workware logs, Dark Trace logs are monitored. The Microsoft Azure Global Service platform provides monitoring and protection against known attacks, including against the virtual infrastructure. Incident severity levels (P1 – P4), response times for workarounds and fix are defined as well as escalation procedures. Responses follow the defined incident management process. Staff available 24x7 to respond to critical/high impact incidents.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Incident severity levels (P1 – P4), response times for workarounds and fix are defined as well as escalation procedures. Customers report incidents using email, phone or ticket portal. Incidents are tracked using a ticket management system with SLA structured against incident severity level. Escalations procedures where service levels are breached include informing customer’s nominated responsible person or team. Incident reports provided via email and ticket based on incident severity to agreed SLAs. Operational security controls are aligned with the ISO27001:2013 framework. ISMS governance managed by senior management team including monitoring, measuring, management of actions and contact point for breaches/escalations.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £91 to £644 per licence per year
Discount for educational organisations No
Free trial available Yes
Description of free trial For larger organisations, ActiveOps may, at its discretion, offer reduced-price trial access to Workware, for an agreed limited period, to a targeted subset of users. ActiveOps will work with the buyer to define the trial scope, measures and success criteria prior to deployment.

Service documents

Return to top ↑