Velocity IT

Workflow Automation and Process Optimisation Services

Velocity provides business process/workflow automation and optimisation consulting services using UiPath, K2, Mendix, MatsSoft, Office 365 and technologies like Artificial Intelligence (AI) and Internet of Things (IoT). Velocity uses low- and no-code platforms to rapidly design, develop and deploy high productivity workflow-driven software applications for mobile, tablet and desktop devices.


  • Easily create business process automation and optimisation solutions
  • Rapid business process discovery and modelling capabilities
  • Replace manual business processes with automated processes
  • Quickly develop line-of-business applications for mobile, tablet and desktop
  • Digitise business rules using a drag and drop rule designer
  • Easily develop electronic forms using no-code form designers
  • Secure integration with multiple external data sources
  • Configure real time reports for operational insights
  • Full process audit and tracking capability for compliance
  • Full integration with all Microsoft-based products (for example SharePoint)


  • Rapidly create automated workflow and business processes across your business
  • Identify process bottlenecks and fix-in-flight erroneous processes without IT involvement
  • Easily change process to respond to operational and legislation changes
  • Enable end-users and Business Analysts to create highly scalable applications
  • Develop applications quickly without the need for IT development skills
  • Automate manual workflow tasks with secure low-code apps
  • Deliver end-users their data, reports and tasks on any mobile-device
  • Reduced development and cost of ownership costs of workflow-driven apps
  • Data integration with multiple external data sources
  • Design and run online forms in minutes instead of days


£84.71 to £275.86 per user per year

Service documents


G-Cloud 11

Service ID

5 8 6 8 6 7 6 6 3 6 6 3 3 2 7


Velocity IT

Arno van Rooyen


Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
Microsoft Azure-based
System requirements
  • Modern browser
  • Windows Server Platform for Unattended RPA software bot
  • Windows Desktop PC Attended RPA software bot

User support

Email or online ticketing support
Email or online ticketing
Support response times
1. Mo-Fr 4 am to 5pm

2. Emergency out of hours hotline exists

3. Immediate 'auto response'

4. 4 hours SLA for 1st contact and initial analysis and potential workaround provisioning

5. Resolution Times -
Tier 1 (Critical) - 3 calendar days
Tier 2 (Medium) - 5 calendar days
Tier 3 (Low) - 7 to 10 calendar days
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
1. End user goes the the corporate website and the Web Chat Bot will popup
2. The Bot ask the users name, company and if the inquiry is support related
3. Rules-based engine routes it to the support help desk in office hours, or mobile phone after hours or weekends
Web chat accessibility testing
HubSpot Chat Bot is used and is complies to (WCAG) 2.0 Content Accessibility Guidelines
Onsite support
Yes, at extra cost
Support levels
Support is provided via online portal, phone or on-site visit. Support is either;
Annual (unlimited) or
Hourly (called off against pre-purchased support credits)
Support available to third parties

Onboarding and offboarding

Getting started
Projects start with a discovery session to establish requirements and objectives. This is followed by a comprehensive implementation plan defining deliverables, timescales and roles and responsibilities. Full project management is provided throughout the term of the contract with milestone reviews to ensure successful delivery and progression. Full on-site and go-live support is provided along with full application training and documentation. A project review generally follows after go-live to ensure continuous user adoption.
Service documentation
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
Microsoft Word
End-of-contract data extraction
Full data extract capabilities are available in the application. A full database backup can also be provided to the customer upon request. After service termination, all database backups and data extracts are delivered to the customer and all data can easily be deleted.
End-of-contract process
Once a notice of termination is received, all data and platform customisations are exported and made available to the customer in a acceptable format - for example CVS and SQL.

If the data is required in a specific format or a data import to a new service is required, a professional service charge will apply.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Compatible operating systems
  • Android
  • IOS
  • Windows
  • Windows Phone
Designed for use on mobile devices
Differences between the mobile and desktop service
The service is responsive in nature and has like-for-like support between mobile, desktop and tablet devices. There are differences, but the design time tool allows you to target either mobile or desktop that optimises the user experience. Key platform capabilities are available across all platforms.
Service interface
What users can and can't do using the API
Service platform has a mature API that allows accessibility to all platform capabilities - including data input/output, application management, security APIs

Further details available on request.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
The K2 , Mendix. MatsSoft, Microsoft PowerApps, Microsoft Flow and UIPath platforms are low- and no-code graphical designer based platforms. It allows full customisations of electronic forms, workflow processes, Robotic Process Automation scrips, reporting and data integrations.

Customisations are done using the capabilities' designers, but code-base customisations are also supported.

The user interface can also be styled using custom themes and CSS.

Customisations can be done by power end-users, analysts and developers


Independence of resources
The platform scales both horizontally and vertically. New nodes can easily be added to support in increase in demand and fail over.

Cloud services are elastic and processing power, memory allocation and disk space can be increased easily based on required demand.


Service usage metrics
Metrics types
Business Application Metrics
- Business Process Performance
- User Performance
- Transaction throughput performance
- Process error analysis metrics

Infrastructure Metrics
-Processor, Disk, Network and Memory usage metrics
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
K2, Mendix, UIPath, MatsSoft

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can export data in a variety of formats Excel, CSV, API or SQL Server database connection.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • JSON
  • SQL Server Database
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Agreed service availability of up to 99.9%, 24/7

Velocity will also make reasonable efforts to resolve Application Support requests based on the severity and support level as shown below:

(i) Severity 1: Reasonable attention from necessary maintenance staff until the problem is materially resolved. Resolution will normally be provided as a special purpose Software Update. The target time for resolution of the problem, or reducing the impact of the problem to Severity 2 or 3, is within three (3) calendar days from the time the problem is reported. Velocity will maintain regular communication with you regarding the problem at mutually agreed upon intervals.
(ii) Severity 2: Velocity will make reasonable efforts to provide a resolution reasonably acceptable to you or reduce the impact of the problem to Severity 3, usually via a special purpose Software Update.
(iii) Severity 3: Velocity will make reasonable efforts to determine what corrective action is necessary to remedy the problem via a special purpose Software Update or advice to you.
Approach to resilience
Disaster recovery is built in via a secondary failover environment. For on-premise, you would be responsible for providing the failover environment
Outage reporting
A range of options are available, including administration reports, email alerts and administration portal where outages are reported

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
Direct contact (via. phone and email ) will always be followed by a 2-factor authentication. A SMS is sent to a registered pone and the code needs to be provided before any support engagement happens.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes
We follow the principles of the Cyber Essentials, ISO27001 and GDPR policies. Formal documented policies available on request. Our policies and managed directly through our internal CISO and internal head of compliance.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Generate CR: A submitter completes a CR Form and sends the completed form to the Change Manager. Log CR Status: The Change Manager enters the CR into the CR Log. The CR’s status is updated throughout the CR process as needed. Evaluate CR: Project personnel review the CR and provide an estimated level of effort to process, and develop a proposed solution for the suggested change
Authorize: Approval to move forward with incorporating the suggested change into the product. Implement: If approved, make the necessary adjustments to carry out the requested change
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Periodic vulnerability discovery / scanning takes place as part of a comprehensive Business Continuity Plan.
Vulnerability Analysis is completed against the vulnerability scanning raw output and used to produce detailed and targeted reporting at a low level for technical delivery teams and a high level for management view of risk surfaces.
Technical reports help technology support teams to calibrate patching cycles to allow vulnerabilities found to be remediated effectively by potential risk priority. Patch release and deployment goes through a robust risk analysis to identify and mitigate associated vulnerabilities
Rescans are subsequently undertaken to verify closed vulnerabilities.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Potential compromises are identified through robust data protection policies. A breach in security is immediately reported to the customer and an plan to mitigate the threat. SLAs linked to the severity applies when responding to threats.
Incident management type
Supplier-defined controls
Incident management approach
Velocity has an internal incident management policy and process implemented according to ITIL version 3. Incidents are reported using an online help desk system and routed to the appropriate member of staff to deal with it. The process is fully tracked and has detailed reporting to enable monitoring of incidents.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£84.71 to £275.86 per user per year
Discount for educational organisations
Free trial available

Service documents

Return to top ↑