Tocalabs Ltd

Cognitive Robotic Process Automation (RPA)

Tocabot is Cloud-based Robotic Process Automation Tool capable of automating processes across business. Tocabot Platform is enterprise ready, provides rapid integration, is hyper scalable and is code-less, enabling immediate business efficiencies within an organisation. Tocabot’s Core Server builds workflows, automation scripts, schedules and manages pipelines, controls and maintains bot infrastructure.


  • Brings latest machine learning functionality to real business tasks.
  • Capable of handling one to a million bots and users.
  • Automates mundane or repetitive tasks.
  • A scalable and secure system-independent platform.
  • It is code-less allowing all members to be involved.
  • Simple integration.
  • Seemlessly integrates with the leading cognitive services.
  • Robotic Process Automation is the pathway to Artificial Intelligence.
  • Tocabot enables the Human-Machine Team.
  • Combines Automation with AI services to automate processes.


  • No client to install, it runs from a browser.
  • Easy for IT to manage.
  • Easily measurable business improvement performance.
  • Reduction in mundane tasks, encourages more staff creativity.
  • Code-less and inclusive, can be used by all teams members.
  • Can be deployed anywhere.


£950 to £4500 per instance per month

  • Education pricing available

Service documents

G-Cloud 10


Tocalabs Ltd

Mathew Rule

+44 20 8050 1502

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints None
System requirements
  • Compatible with Windows (All versions)
  • Linux (All versions)
  • MacOS (All modern versions)
  • Modern Web browser (i.e. Chrome, Firefox, IE, Edge, Safari)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 2 hours - 9am to 6pm - Monday to Friday.
24 hours - Saturday to Sunday
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AAA
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.0 A
Web chat accessibility testing We have used automated WCAG testing software to test our interfaces.
Onsite support Yes, at extra cost
Support levels Offsite support is included in the platform costs.
Onsite support costs 1200 GBP plus VAT per day.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide onsite training.
We also provide online help documentation and 'cookbook' tutorials.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction We will provide you with a downloadable file of your scripts, reports and user data. This can also be done from our admin dashboard.
End-of-contract process Included: Teardown of the service. Export of the users data via a downloadable link.
Not included:
Removal of bots from the customers internal platforms (this must be done by their internal teams).
De-integration of the service from other 3rd party platforms that the customer has integrated.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Linux or Unix
  • MacOS
  • Windows
  • Other
Designed for use on mobile devices Yes
Differences between the mobile and desktop service We have limited the scripting capability when using a mobile device. Users can still schedule, track the progress and view reporting of their automation workflows.
Accessibility standards None or don’t know
Description of accessibility Most of the platform will work to WCAG, however due to the way the scripting screen works, it is not possible to make this work to WCAG standards with today's technology.
Accessibility testing None
What users can and can't do using the API Schedule automated workflow.
Get results.
Get reports.
The API details are access and administered through an admin portal.
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment Yes
Customisation available Yes
Description of customisation We offer a dashboard product that allows users to build 'front-end' interfaces to the automated workflows.

Users can also create Bots, Users and assign bots to users accounts.


Independence of resources We vertically partition the platform so that a service gets a guaranteed amount of server resources.


Service usage metrics Yes
Metrics types Users' access
Bots activity
Status of automation workflows
Reporting types
  • API access
  • Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process No
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Via the admin dashboard. The user will receive a XML file.
Via a request to the support email.
Data export formats Other
Other data export formats
  • XML
  • JSON
Data import formats Other
Other data import formats
  • XML (Tocabot supported format)
  • JSON (Tocabot supported format)

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Our availability meets 99.99% uptime. Refunds are offered at 1 month in arrears if a service outage affects the customers operations.
Approach to resilience This is available upon request.
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels These sit on different networks and are controlled with different security, authorisation and firewalls.
Access restriction testing frequency At least every 6 months
Management access authentication Public key authentication (including by TLS client certificate)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Less than 1 month
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Less than 1 month
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach None at the date of this submission, however we are going through ISO27001
Information security policies and processes Our processes and policies are in accordance with ISO27001 and CISSP.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Our approach is a variation of ITIL adapted for continuous delivery.
Vulnerability management type Undisclosed
Vulnerability management approach We use automated intrusion detection systems.
Automated lock down procedures and isolation.
Non urgent patches are deployed nightly, or as soon as feasible if urgent (in conjunction with a network lockdown if neccessary)
CVE databases.
Protective monitoring type Undisclosed
Protective monitoring approach We have undisclosed internal systems to detect unauthorised change on our systems.
We use Intrusion Detection Systems.
Our response time is based on the impact.
Incident management type Supplier-defined controls
Incident management approach Our approach is a variation of ITIL.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £950 to £4500 per instance per month
Discount for educational organisations Yes
Free trial available No


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑