Little Fish (UK) Ltd

Robotic Process Automation (RPA)

By utilising Robotic Process Automation (RPA) or IT Process Automation (ITPA) from Littlefish organisations can reduce operational overheads whilst improving quality and efficiency by automating common, repetitive IT underpinned tasks. 'Virtual Workers' based on the market-leading Blue Prism platform can be utilised on a price per minute basis.


  • Enterprise-ready fully managed 24/7 service
  • Consultative approach to deployment
  • Completely vendor agnostic and therefore compatible with any application
  • Validation/Authorisation controls easily added into intelligent automated workflows
  • Executive reports highlighting monthly automation volumes and success rates
  • Real time status of automation volumes and current activity
  • Based on the market-leading Blue Prism RPA platform
  • Virtual Workers can be 'hired' on a minute-by-minute basis


  • Reduced operational expense and thus rapid ROI
  • Increased resource productivity
  • Free up staff for more productive and strategic activities
  • Increased visibility of managed resources
  • Improved service delivery
  • Consistent, error-free, auditable process completion
  • Alignment and adherence with compliance objectives (SOx, ISO, PCI, etc)
  • Improved integration of disparate processes, applications and services
  • Reduced provisioning times
  • Improved understanding and definition of your business processes


£0.08 to £0.25 per instance per minute

Service documents


G-Cloud 11

Service ID

6 4 3 8 0 7 3 4 1 7 8 5 6 8 1


Little Fish (UK) Ltd


0844 8484440

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints A site to site VPN may be required between Littlefish and the customer site to ensure a permanent and secure connection.
System requirements
  • Littlefish’s RPA service supports secure communications like SSL
  • Web console access and web services integration is SSL encrypted
  • An IPSEC VPN between Littlefish and customer’s locations recommended

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Support is available 24x7 through the managed service.
The specialist RPA resolver team operates Mon-Fri during normal office hours, for resolution of complex workflow issues.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AAA
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard WCAG 2.1 AAA
Web chat accessibility testing Our web chat channel is fully tested to support assistive technology users.
Onsite support Yes, at extra cost
Support levels Our RPA service is provided in line with a core set of KPIs (which are outlined in more detail, alongside our approach to service delivery, in the attached Service Description document). Fundamentally our service is designed and configured to provide an automated business and workflow process utilising the software we provide from our public cloud service. The service is provided 24/7 at an availability SLA of 99.95%. Our Service Desk provide support to the service and operates per service KPIs to ensure incidents and service requests are handled effectively. A Service Account Manager (SAM) will be appointed to manage the services we deliver. The SAM will own the relationship from both a commercial and operational perspective. SAMs are normally supported by a Service Delivery Manager (SDM) who ensures that day to day service operations are delivered to the highest standards, and in line with any collaborative processes that have been developed with the customer.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started On-boarding, as defined in the Service Overview, involves an initial consultative engagement to identify key process automation candidates and associated validation/authorisation requirements. The Littlefish consultant works with the customer to calculate anticipated RoI from the automation. Where a clear business case is developed (N.B. this may not be purely cost benefit based as some automations may satisfy regulatory requirements, or reduce the likelihood of human error) then the consultant proceeds to automate the identified process(es). The initial consultative engagement typically runs for 1-10 days dependent on the complexity of the process to be automated.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Littlefish will provide a CSV export of all monitored automation datapoints captured during the lifecycle of the contract
End-of-contract process Off-boarding involves Littlefish returning all documentation, specifications and designs utilised as part of the RPA implementation process to the customer and providing a CSV export of all monitored automation datapoints captured during the lifecycle of the contract. Once the automation datapoints have been exported and confirmed as accepted by the customer Littlefish then purges the automation datapoints from the Automation database.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems Windows
Designed for use on mobile devices No
Service interface Yes
Description of service interface Administrators and Designers use the services through a service interface to create and administer the intelligent workflows.
Accessibility standards WCAG 2.1 AAA
Accessibility testing Through the browser the service interface is supportive of users of assistive technologies.
Customisation available Yes
Description of customisation All Automation engagements are custom, and involve the following process of invocation and ongoing management. 1. Define - Littlefish Consultant works with Customer to identify key process automation candidates and calculate Return on Investment (RoI) forecast 2. Build - Littlefish Consultant designs and automates identified business processes 3. Control - Customer is built into the control (validation/authorisation) cycle of the workflow to ensure oversight is maintained 4. Orchestrate - Newly automated processes are implemented 5. Report - Exec-level focused monthly reports provide feedback on automation volumes and success rates


Independence of resources The service is built on automation 'virtual workers'. Additional virtual workers can be spun up on demand to address increased workload. Virtual workers can also be dedicated to a potential customer requirement to ensure that spikes in demand do not impact operations.


Service usage metrics Yes
Metrics types Monthly reports are provided as part of the service detailing trend analysis on process automation and utilization, and a breakdown of all configured outputs identified in the monitored period. Where a RoI business case is developed during the on-boarding process Littlefish are also able to report on RoI attainment progress on a monthly basis.
Reporting types Regular reports


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Thoughtonomy

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency Never
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Littlefish would provide a data export on request from the customer. Data would typically be exported in CSV. Documentation will also be provided on process maps, and automation routines.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Littlefish operate a fully resilient service providing an availability service level of 99.95%. The Littlefish RPA platform is operated as a multi-tenanted Cloud service from within Tier 2 Data Centres.
Approach to resilience Littlefish operate a fully resilient service. The Littlefish Automation platform is operated as a multi-tenanted Cloud service from within Tier 2 Data Centres. Data will be replicated to a partner Data Centre on a continual basis.
Outage reporting Our Service Desk will identify, capture and report any service outages, via Phone and email communications. Monthly reports are also provided.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Standard username password restrictions are in place to control access. For direct interaction with our Service Desk it is also possible to enable Identity Management processes with users being prompted share pre-recorded 'challenge/responses' in order to engage the service.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 The British Assessment Bureau
ISO/IEC 27001 accreditation date December 2016
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Littlefish are accredited to ISO27001:2013 and operate a Information Security Management System (ISMS) that inevitably conforms to this standard. Littlefish are also Cyber Essentials Plus accredited.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Littlefish work flexibly to implement the Automation service in line with our customers pre-existing Configuration and Change Management processes. In turn these processes are typically ITIL aligned.
Vulnerability management type Undisclosed
Vulnerability management approach Vulnerability management is managed at the platform level by the underlying vendor. Further information can be provided on request.
Protective monitoring type Undisclosed
Protective monitoring approach Protective monitoring is managed at the platform level by the platform vendor. Further information can be provided on request.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Littlefish operate a robust ITIL aligned process for Incident Management covering standard Incidents and Security Incidents. Incidents are registered either through user interaction (phone, web, etc) or through proactive monitoring. Incident reports are typically delivered to our customers on a monthly basis as part of the service review cycle.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £0.08 to £0.25 per instance per minute
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑