Torry Harris Business Solutions ( Europe ) Ltd


Automaton is a zero/no-coding agile test automation tool for end to end application testing, covering all aspects of it – Browser View, API (SOAP and REST), DB & Log. Automaton offers the familiar flow chart-based design interface where user can drag and drop the components to create a visual workflow.


  • Integrated Agile Test Automation tool fit for DevOps
  • Zero coding test usecase preparation with flowchart model UI
  • Testing Browser View, API (SOAP and REST), DB & Log
  • Integration with other CI tools with rich set of APIs
  • Reusability of test-steps across the test case via custom action
  • Test cases & steps can be duplicated and share
  • Test bulk data by uploading it as a CSV file


  • Saves lot of time and effort, results in cost cutting
  • Improved UX with convenient Drag & Drop flow creation
  • Single tool for entire application testing
  • Reusable test cases & user collaboration boost productivity
  • Fits well in DevOps stacks with its extendable APIs
  • Data Driven testing eliminates/ reduces errors


£316 to £2527 per licence per month

  • Free trial available

Service documents


G-Cloud 11

Service ID

7 3 4 1 5 8 2 0 9 3 0 8 9 2 3


Torry Harris Business Solutions ( Europe ) Ltd

Paul Pitman


Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
Planned maintenance will be done for one hour a month at the maximum. One week notice will be sent to all customer prior to the planned maintenance window. This will be carried out during non-peak hours to minimise disruption.
System requirements

User support

Email or online ticketing support
Email or online ticketing
Support response times
We respond to email queries within 2 Hours (24 * 7) for customers opting for our enterprise plans. And for customers opting for our SME plans, we respond within 2 Hours only during customer business hours.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Web chat is available as a part of our product offering. The widget available in the product can be clicked to initiate a chat with our agent.
Web chat accessibility testing
We have not preformed any tests for assistive technology users
Onsite support
Yes, at extra cost
Support levels
Based on different SaaS plans - Freemium (or 30 Days Trial), SME version, Enterprise version and Enterprise Plus - we offer different support models.

For Freemium (30 days Trial version), we are providing limited Email support only. The plan for SME version comes with a 8hrs Business hour (of customer) support via Phone & Email. Enterprise and Enterprise Plus plans comes with 24 hour support. Cost for support activities varies and it's incorporated with the respective SaaS plans.

We follow standard support system structure, starting from L1 and L4 being the last level of support, which includes a team of professionals ranging from Cloud Support Engineers to Technical Architect.

Level 1 (Application & Infra) – Monitoring, Initial Investigation and Escalation
Level 2 (Application & Infra) – Detailed Investigation and Escalation
Level 3 (Applications) – Customized Development and System Integration Support
Level 4 (Applications) – Product Features Support and Maintenance
Support available to third parties

Onboarding and offboarding

Getting started
We provide all of the options:
a) Online documentation accessible for general public
b) Onsite training at an additional cost
c) Online training at an additional cost
Service documentation
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
Data can be exported as human readable and machine-readable formats. Users have the choice to export the complete dump of their data at any point of time.
End-of-contract process
The following items are included in the price of the contract:
1. Data export capability.
2. Usage logs download capability.

The following services are offered at additional cost:
1. Data/application migration
2. Knowledge Transition to another system integration partner

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Service interface
Description of service interface
Automaton™ tool provides web-based interfaces for following modules :

1) Automaton Core module.

a) TestSuite : Logical grouping of test cases.

b) TestCase : Flowchart based UI for creating the testcase flow.

c) CustomAction : Contains reusable logic that can be used accross testcases.

d) ExecutionPlans : Logical grouping of test suites, can define order in which testcase/testsuite must be executed.

e) ConfigActions : To create customized actions/flow chart elements.

2) Automaton user management module.

a) To manage account and users.
Accessibility standards
None or don’t know
Description of accessibility
For public users facing components the web and mobile interfaces include standard controls and widgets. In context of accessibility, users can use third-party and/or operating system tools for text to speech, voice inputs, etc for broad range of activities such as:
1. Fill forms with controls like textbox, dropdowns, radio buttons, etc as their names describes their purpose.
2. Search for artefacts (Standard, advanced search )

What users can't do are:
1. Users can't create the visual flows
Accessibility testing
We have tested the application for basic accessibility support with the following web accessibility testing tools:
1. aXe accessibility testing add-on for Chrome and Firefox
2. Chrome Dev Tools
What users can and can't do using the API
Automaton tool have 150+ APIs and listing few under 2 major modules here,

1) Automaton core modules

a) Test Suite module APIs - Create/Delete/Update test suites.

b) Test Case module APIs - Create/Delete/Update/Execute testcases.

c) Custom Actions module APIs - Create/Delete/Update custom actions.

d) Execution Plan module APIs - Create/Delete/Update execution plans.

e) Reports module APIs - View/Delete reports of executions.

f) Configure Actions module APIs - Create/Delete/Update configuration actions.

2) User Management modules

a) Accounts module APIs - Create/Delete/Update accounts.

b) Roles module APIs - Create/Delete/Update roles.

c) Groups module APIs - Create/Delete/Update groups.

d) Users module APIs - Create/Delete/Update users.

e) Capabilities module APIs - Create/Delete/Update capabilities.
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
Customisation is allowed at two levels only for enterprise customers (above 8 Million API calls/month)

Level 1: Basic Customisation
Automaton tool provides interface to customize user specific actions to extend Automatons core functionality.

Level 2: System Integration with customer's system:
This is the advanced level where integration is required with customer's systems such as Identity Management (LDAP) etc. This requires a separate System Integration contract with us to facilitate the integration.


Independence of resources
The services are deployed in an auto scalable model. Each component of the service scale automatically depending on the usage.


Service usage metrics


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be exported by the admin user of the service at his/her will at any point of time. This capability is offered within the web interface, but restricted only to users that have administrative privileges.
Data export formats
  • CSV
  • Other
Other data export formats
  • JSON
  • Excel XLS Format
  • XML
  • Attachments in ZIP file
Data import formats
  • CSV
  • Other
Other data import formats
  • JSON
  • Attachments in ZIP file

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We have different slabs for uptime availability. Customers that require high levels of availability will need to be provisioned across multiple "Availability Zones" with additional configuration for Data replication across geographically distributed data centres.

High availability with Disaster Recovery capability: 99.95%
General SLA for High-availability: 99.9%
Approach to resilience
This information is available on request.
Outage reporting
Service outages are reported using:
1. Email Alerts
2. APIs

Identity and authentication

User authentication needed
User authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Access is restricted to management interfaces and support channels through role based access control. The role based access control rules are uniformly enforced on the web and API interfaces. Role based access control provides high level of granularity, and can be mapped to individual users and/or user groups.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Star Certification International (SEI)
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Non-technical not covered
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Who accredited the PCI DSS certification
Star Certification International (SEI)
PCI DSS accreditation date
What the PCI DSS doesn’t cover
Non-technical not covered
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
The Information Security Policies and Processes of Torry Harris is in alignment with the standards defined by ISO27001. Key principles based on which Torry Harris Information security framework is defined are

• Confidentiality: Ensuring that information is accessible only to those authorized to have access.
• Integrity: Safeguarding the accuracy and completeness of information and processing methods.
• Availability: Ensuring that authorized users have access to information and associated assets when required.

Defined framework addresses the below needs of the Organization
- Physical and environment access control
- Network security
- Operational security
- Asset management
- Media handling
- Data backup and restoration
- Security incident management
- Business continuity management
- Cryptography

Asset based risk assessment is done by quantifying value of each asset. This approach ensures identification and measure of the asset’s risks and corresponding mitigation controls that have been implemented.

Chief Information Security Officer (CISO) is accountable for compliance to information security in the Organization. Internal audit will be conducted by compliance team to ensure compliance to the defined policies and processes.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
From requirements analysis to delivery, every phase undergoes checks/tests for security & compliance (GDPR/Open Source/PCI-DSS). There are both internal & external teams who do these tests on a periodic basis.

The code is structured to maintain each component as independent executables. So a change to one module is contained within it and is exposed only through well defined interfaces.

Each component of the product is versioned. The product itself has a version. All product releases are made only via a release portal. Every release can be tracked back to the branch in the code repository from where it was built.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Security testing is done on the products every quarter by an external vendor and by an internal team for every release. Compliance of standards like GDPR & PCI-DSS are assessed during various phases of development. Information on threats are obtained from the CVE database. For compliance requirements, the respective body's guidelines are used as a the basis of assessment.

Depending on the priority of an issue, patches are deployed based on SLAs. Any P1/P2 issues are fixed and delivered with in 1 day or a temporary work around is suggested within this time frame.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
The solution is completely hosted in AWS Cloud. We use Amazon GuardDuty as a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect all the workloads. This service uses machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats. Automatically a ticket gets raised in our incident management system for any potential threat identified and it will be addressed based on the priority of incident.
Incident management type
Supplier-defined controls
Incident management approach
ITIL standards are followed for incident management with service desk as single point of contact for all issues. Incident management process follows the below steps:
1. Identifying the issue
2. Logging an incident as a ticket
3. Categorizing the incident
4. Prioritization of the incident based on the impact
5. Incdident Response
- Initial troubleshooting
- Escalating the incident if required to level 3 or higher
- Investigation and diagnosis
- Resolution and recovery
- Incident closure
6. Communication with the end user throughout the life of the incident

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£316 to £2527 per licence per month
Discount for educational organisations
Free trial available
Description of free trial
Free trial includes fully functional service for evaluation purposes for a limited trial period for 30 days. We extend the trial period upon request. Professional support is not included. Queries, etc during evaluation are supported by Email during business hours.

Service documents

Return to top ↑