Velocity IT

Workflow Automation and Process Optimisation Services

Velocity provides business process/workflow automation and optimisation consulting services using UiPath, K2, Mendix, MatsSoft, Office 365 and technologies like Artificial Intelligence (AI) and Internet of Things (IoT). Velocity uses low- and no-code platforms to rapidly design, develop and deploy high productivity workflow-driven software applications for mobile, tablet and desktop devices.


  • Easily create business process automation and optimisation solutions
  • Rapid business process discovery and modelling capabilities
  • Replace manual business processes with automated processes
  • Quickly develop line-of-business applications for mobile, tablet and desktop
  • Digitise business rules using a drag and drop rule designer
  • Easily develop electronic forms using no-code form designers
  • Secure integration with multiple external data sources
  • Configure real time reports for operational insights
  • Full process audit and tracking capability for compliance
  • Full integration with all Microsoft-based products (for example SharePoint)


  • Rapidly create automated workflow and business processes across your business
  • Identify process bottlenecks and fix-in-flight erroneous processes without IT involvement
  • Easily change process to respond to operational and legislation changes
  • Enable end-users and Business Analysts to create highly scalable applications
  • Develop applications quickly without the need for IT development skills
  • Automate manual workflow tasks with secure low-code apps
  • Deliver end-users their data, reports and tasks on any mobile-device
  • Reduced development and cost of ownership costs of workflow-driven apps
  • Data integration with multiple external data sources
  • Design and run online forms in minutes instead of days


£84.71 to £275.86 per user per year

Service documents

G-Cloud 11


Velocity IT

Arno van Rooyen


Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints Microsoft Azure-based
System requirements
  • Modern browser
  • Windows Server Platform for Unattended RPA software bot
  • Windows Desktop PC Attended RPA software bot

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 1. Mo-Fr 4 am to 5pm

2. Emergency out of hours hotline exists

3. Immediate 'auto response'

4. 4 hours SLA for 1st contact and initial analysis and potential workaround provisioning

5. Resolution Times -
Tier 1 (Critical) - 3 calendar days
Tier 2 (Medium) - 5 calendar days
Tier 3 (Low) - 7 to 10 calendar days
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible 1. End user goes the the corporate website and the Web Chat Bot will popup
2. The Bot ask the users name, company and if the inquiry is support related
3. Rules-based engine routes it to the support help desk in office hours, or mobile phone after hours or weekends
Web chat accessibility testing HubSpot Chat Bot is used and is complies to (WCAG) 2.0 Content Accessibility Guidelines
Onsite support Yes, at extra cost
Support levels Support is provided via online portal, phone or on-site visit. Support is either;
Annual (unlimited) or
Hourly (called off against pre-purchased support credits)
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Projects start with a discovery session to establish requirements and objectives. This is followed by a comprehensive implementation plan defining deliverables, timescales and roles and responsibilities. Full project management is provided throughout the term of the contract with milestone reviews to ensure successful delivery and progression. Full on-site and go-live support is provided along with full application training and documentation. A project review generally follows after go-live to ensure continuous user adoption.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats Microsoft Word
End-of-contract data extraction Full data extract capabilities are available in the application. A full database backup can also be provided to the customer upon request. After service termination, all database backups and data extracts are delivered to the customer and all data can easily be deleted.
End-of-contract process Once a notice of termination is received, all data and platform customisations are exported and made available to the customer in a acceptable format - for example CVS and SQL.

If the data is required in a specific format or a data import to a new service is required, a professional service charge will apply.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Windows
  • Windows Phone
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The service is responsive in nature and has like-for-like support between mobile, desktop and tablet devices. There are differences, but the design time tool allows you to target either mobile or desktop that optimises the user experience. Key platform capabilities are available across all platforms.
Service interface No
What users can and can't do using the API Service platform has a mature API that allows accessibility to all platform capabilities - including data input/output, application management, security APIs

Further details available on request.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The K2 , Mendix. MatsSoft, Microsoft PowerApps, Microsoft Flow and UIPath platforms are low- and no-code graphical designer based platforms. It allows full customisations of electronic forms, workflow processes, Robotic Process Automation scrips, reporting and data integrations.

Customisations are done using the capabilities' designers, but code-base customisations are also supported.

The user interface can also be styled using custom themes and CSS.

Customisations can be done by power end-users, analysts and developers


Independence of resources The platform scales both horizontally and vertically. New nodes can easily be added to support in increase in demand and fail over.

Cloud services are elastic and processing power, memory allocation and disk space can be increased easily based on required demand.


Service usage metrics Yes
Metrics types Business Application Metrics
- Business Process Performance
- User Performance
- Transaction throughput performance
- Process error analysis metrics

Infrastructure Metrics
-Processor, Disk, Network and Memory usage metrics
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold K2, Mendix, UIPath, MatsSoft

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users can export data in a variety of formats Excel, CSV, API or SQL Server database connection.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • JSON
  • SQL Server Database
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Agreed service availability of up to 99.9%, 24/7

Velocity will also make reasonable efforts to resolve Application Support requests based on the severity and support level as shown below:

(i) Severity 1: Reasonable attention from necessary maintenance staff until the problem is materially resolved. Resolution will normally be provided as a special purpose Software Update. The target time for resolution of the problem, or reducing the impact of the problem to Severity 2 or 3, is within three (3) calendar days from the time the problem is reported. Velocity will maintain regular communication with you regarding the problem at mutually agreed upon intervals.
(ii) Severity 2: Velocity will make reasonable efforts to provide a resolution reasonably acceptable to you or reduce the impact of the problem to Severity 3, usually via a special purpose Software Update.
(iii) Severity 3: Velocity will make reasonable efforts to determine what corrective action is necessary to remedy the problem via a special purpose Software Update or advice to you.
Approach to resilience Disaster recovery is built in via a secondary failover environment. For on-premise, you would be responsible for providing the failover environment
Outage reporting A range of options are available, including administration reports, email alerts and administration portal where outages are reported

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels Direct contact (via. phone and email ) will always be followed by a 2-factor authentication. A SMS is sent to a registered pone and the code needs to be provided before any support engagement happens.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes We follow the principles of the Cyber Essentials, ISO27001 and GDPR policies. Formal documented policies available on request. Our policies and managed directly through our internal CISO and internal head of compliance.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Generate CR: A submitter completes a CR Form and sends the completed form to the Change Manager. Log CR Status: The Change Manager enters the CR into the CR Log. The CR’s status is updated throughout the CR process as needed. Evaluate CR: Project personnel review the CR and provide an estimated level of effort to process, and develop a proposed solution for the suggested change
Authorize: Approval to move forward with incorporating the suggested change into the product. Implement: If approved, make the necessary adjustments to carry out the requested change
Vulnerability management type Supplier-defined controls
Vulnerability management approach Periodic vulnerability discovery / scanning takes place as part of a comprehensive Business Continuity Plan.
Vulnerability Analysis is completed against the vulnerability scanning raw output and used to produce detailed and targeted reporting at a low level for technical delivery teams and a high level for management view of risk surfaces.
Technical reports help technology support teams to calibrate patching cycles to allow vulnerabilities found to be remediated effectively by potential risk priority. Patch release and deployment goes through a robust risk analysis to identify and mitigate associated vulnerabilities
Rescans are subsequently undertaken to verify closed vulnerabilities.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Potential compromises are identified through robust data protection policies. A breach in security is immediately reported to the customer and an plan to mitigate the threat. SLAs linked to the severity applies when responding to threats.
Incident management type Supplier-defined controls
Incident management approach Velocity has an internal incident management policy and process implemented according to ITIL version 3. Incidents are reported using an online help desk system and routed to the appropriate member of staff to deal with it. The process is fully tracked and has detailed reporting to enable monitoring of incidents.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £84.71 to £275.86 per user per year
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑