BusinessOptix Ltd

BusinessOptix, Business and Process Modelling, for Digital Transformation and Business Operations

Business Process Modelling and Design (BPMN), operations modelling, service management development and data modelling, Business Intelligence, and dash-boarding for Business Transformation and Operations. Straightforward to use, working through a secure cloud library customised to your business purposes. BusinessOptix adheres to ISO/IEC 19510:2013 standards for Information notation and 27001:2013 for ISMS.


  • Author: Capture, model and document requirements, processes and procedures
  • Portal: Manage and publish content and knowledge in a portal
  • Reviewing and approval: Create review, approval and distribution workflows
  • Collaboration: Capture, share and manage every idea for process improvement.
  • Create Transformation maps T-Maps and Digital Twin of Organisation DTO
  • Data tagging: across models RACI , locations, systems, glossary, data
  • Scenario modelling: Create as-is and to-be states and compare both
  • Process Mining : import and convert existing processes Visio..
  • Scenario evaluation, assessment and performance
  • Dynamic dashboarding based on manual or autodata population


  • Save 70% when deploying new processes
  • Libraries of subject specific content aid in deployment
  • Achieve regulatory compliance ahead of stipulated deadlines
  • 20 times faster to service for new projects
  • 80% time saving when creating training material
  • Get ready for and deliver transformational projects
  • Create internal, centralised and consistent shared services
  • Inbuilt compliance and authorisation mechanisms
  • Capture, distribute and reuse knowledge around the organisation
  • Inter-operable with other systems


£40 per user per month

Service documents


G-Cloud 11

Service ID

7 1 5 7 4 2 7 9 8 6 2 9 3 6 6


BusinessOptix Ltd

Sandra McInally

+44 207 084 7480

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Workflow management and legacy applications, Business Intelligence services, JIRA, Oracle Process, Flowcentric Processware, Visio, Process Flows, GenPact, DST, others.
Cloud deployment model
Public cloud
Service constraints
There are no constraints on using the service.
System requirements
  • Access to the Internet
  • Browser access via the Internet

User support

Email or online ticketing support
Email or online ticketing
Support response times
BusinessOptix Support shall accept information requests and issue reports via email (to from a Technical Support Contact.

BusinessOptix will respond, by email, to any reported issue or request for information within 1 business day.

For Business Critical or Service Restriction issues (see Escalation Procedures below), BusinessOptix Support will attempt to contact the Technical Support Contact directly by telephone.

As per the Time-Zones/Region section below the BusinessOptix team is Global and tickets will be triaged and processed by the most appropriate members of the team depending on criticality, location and other factors.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Front line customer administrator support is standard, with direct user support available subject to agreement and scope. We provide a specialist consultant to support the use of the platform for a customer's specific purpose.
Support available to third parties

Onboarding and offboarding

Getting started
We support, for an inclusive cost, the set up of the service and the first few models or notations created. We have an online community with video materials to support the ongoing use of the platform. We can also provide facilitator led training at a further cost either in person or via regular scheduled Webinars.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Customers can download content from their libraries with simple utilities provided into most file formats. Bulk downloading can be provided in conjunction with the support team.
End-of-contract process
A termination date is agreed, with accompanying plan for the off-boarding of users and the hand over of content and data. Any outstanding charges are invoiced at the end of the month. Data is retained for a minimum of six weeks in case of service reactivation later.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The service is enabled for usage via a mobile browser on a mobile device. This is best limited to consumption of created content but caters for all features. The form factor of the device (Smartphone/Tablet) may dictate usability on a user by user basis.
Service interface
Description of service interface
A Database Schema report is available for each tenant (in the library) as well as documentation for the API's and other structures.
Accessibility standards
None or don’t know
Description of accessibility
The UI is designed to be simple and easy to follow as a user (accessed via browser). Visual guidance/tours and information is provided for.

The best practicable levels of accessibility have been provided considering the nature of the platform.
Accessibility testing
What users can and can't do using the API
The RESTful interface allows access to all of the features of the application, and the interchange of data, available by arrangement.
API documentation
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
The frameworks/stencils within the library and the outputs can be customised by users. This would require Admin level users with XML and XSL knowledge.


Independence of resources
The service is hosted by Azure and is constantly managed and monitored for scaling and performance requirements.


Service usage metrics
Metrics types
Reports are available in the tool that detail User Activity. These can be accessed by permitted users from within the tool, via the API, via support (as initial training). Custom reports and usage info/reporting, not in line with the standard offering, are available based on an assessment of the effort and cost.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can export all content through their own libraries and control panels into a common format under their own control.
Data export formats
  • CSV
  • Other
Other data export formats
  • ISO/IEC 19510:201 BPMN Notation
  • Microsoft Visio and office
  • AWD Process model
  • Bizagi 2.6
  • Oracle BPA
  • XML
  • Image
  • Native file formats
Data import formats
  • CSV
  • Other
Other data import formats
  • ISO/IEC 19510:201 BPMN Notation
  • Microsoft Visio and office
  • AWD Process model
  • Bizagi 2.6
  • Cordys Nimbus
  • Oracle BPA
  • XML
  • Industry Print
  • Image

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
DARE encryption (XTS-AES 256-bit) on the SAN adds additional security to Customer data.

Availability and resilience

Guaranteed availability
SLA is for 99.5% availability
Approach to resilience
This information is available on request. Resilience of infrastructure is assured by our hosting provider, Azure.
Outage reporting
We use email alerts and monitoring technology (reports available to customers) for noticeable operational loss of service.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Support has independent routes to the service for management purposes. Access points are restricted by IP address.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Both the BusinessOptix platform and operations are in scope. SOA available on request.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Our Information Security policies and processes form part of our ISMS and are compliant with ISO 27001.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Software configuration is undertaken in-house and follows good industry practice within an agile methodology. Code changes and new feature provision are assessed for threat as part of the security group. The infrastructure level is a fully managed service on our behalf by Azure under an agreed SLA.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We carry out periodic reviews (and yearly independent penetration tests) of threats to service availability and viability, based on membership of a security community, that constantly monitors known threats and vulnerabilities. Our best defence is in providing well-architected applications and high-grade communications methods. The status, location and configuration of our software and infrastructure components are tracked throughout their lifetime. Changes to the service are assessed for potential security impacts and then managed to resolution where relevant.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We constantly monitor network traffic and access requests across a real-time network that identifies early warnings of high-risk traffic. Our response is real time and immediate to threats to service viability and availability. Additionally, our service effectively monitors misuse and malfunction. Our intention is to give confidence of capturing enough service meta-data to identify the suspicious or inappropriate use of our services, and can take prompt and appropriate action to address any incidents before it becomes user critical.
Incident management type
Supplier-defined controls
Incident management approach
We use our own platform to operate a reporting scheme for users and administrators. Where appropriate, we advise customer users and administrators of an incident and if serious notify CESG or Cyber Essentials of an attack. Incident management processes are in place for the service and are actively deployed in response to security incidents pre-defined processes are in place for responding to common types of incident and attack. Our own platform defines the process and contact route for reporting incidents by users and administrators. Where relevant, incidents are reported swiftly to administrators and users by a suitable mechanism.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£40 per user per month
Discount for educational organisations
Free trial available
Description of free trial
Full access to a trial instance of the platform (all features). Open on-boarding sessions and access to our support team. The trial period is typically 30 days but extensions will be considered on request.
Link to free trial

Service documents

Return to top ↑