K2's process automation platform helps you rapidly build, change and maintain business process applications without writing endless lines of code. This makes it possible to deliver integrated, mission-critical process automation and case management at scale as well as quickly roll out lightweight departmental workflows.
- Enterprise Workflow. Visual, intuitive process and rules designers
- Forms. Visually design user experiences mobile-ready leveraging data and workflows
- Business Rules. Across workflow, forms and data
- Integration. Point-and-click integration with virtually any line-of-business system
- Low-Code. Citizen developer focused wizards, templates & design approach
- Component model. Re-usable artefacts to scale & change readiness
- Mobile. Responsive user experience on major devices, online or offline
- Security & Governance. Comprehensive, role-based management provide security & governance
- Analytics. Reports & Analytics to identify issues & drive optimisation
- Microsoft. Native interoperability across CRM, Flow, PowerBI, SharePoint ....
- Develop Applications quickly. 78% reduction vs. traditional development
- Reduce systems catalogue. One platform to build and manage applications
- Rapid ROI. Forrester validate 466% over 3 years
- Change. Component model and governance deliver rapid, controlled change
- Digital by default. Connects citizen-facing services and department transformation
- Low Code. Decreased reliance on developers with citizen design model
- Channel. Significantly reduced transactional costs across multi-channels
- Insight. Service compliance and optimisation with process monitoring and reporting
- Data. Integration model leverages LOB systems data reducing data silos
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||
K2´s Cloud platform is an independent software running on Microsoft Azure service and connected to Azure Active Directory (no extra contract required with Microsoft).
K2’s platform delivers integration with leading solutions, such as SharePoint, DocuSign, Dynamics CRM, SAP and Salesforce as well as connectivity through REST, OData and Web services.
|Cloud deployment model||Public cloud|
|Service constraints||No service constraints are known at this time|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Depending on the severity of the issues within 1-2 business hours.
Standard support times 8:30 - 5:30 Monday to Friday
Premier support times 24/7 - 365 days (extra costs see pricing)
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||Web chat|
|Web chat support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support accessibility standard||None or don’t know|
|How the web chat support is accessible||We use Go To Meeting for remote support|
|Web chat accessibility testing||We use Go To Meeting for remote support|
|Onsite support||Yes, at extra cost|
STANDARD: Software updates and upgrades, Codefixes, security alerts, and critical patch updates.
- Unlimited access to online self-service knowledge base of information and solutions.
- Unlimited access to online product help documentation.
- Electronic and telephonic access to K2 Software Support personnel for Standard Support Incidents.
- Unlimited access to SourceCode’s community forum for software functionality questions, assistance and guidance, solution and application sharing, collaboration with other community resources and technical information on lower priority service issues.
PREMIER: This service includes:
- Standard K2 Software Support
- Access to After-Hours Support
- Assistance on Standard Support Incidents for Technical Contacts operating from regions other
than where the K2 Software was licensed.
K2 software assurance provides ongoing access to product updates and downloads and various technical assistance resources, including:
- Online training and tutorials
- K2 Knowledge Center access
- K2 Community website access
UK support hours are 8:30 to 5:30 Monday to Friday.
|Support available to third parties||Yes|
Onboarding and offboarding
K2 provide open group or virtual classroom training options globally. Training options include self-guided, on-demand or group courses as well as a host of training courses, tutorials and videos for free via the K2 Learning Library.
See details at https://www.k2.com/support-services/training-courses/course-descriptions
|End-of-contract data extraction||Customers can request a backup of their database at the end of the contract.|
At the end of a contract a customer can either renew subscription or cancel.
As K2's data policy for building applications is to use existing systems of record within a business so should a customer not want to continue to use K2 then the data should already reside either within the existing systems or defined databases supporting the cases managed by K2.
K2 provides a suite of reports which can also be used to extract data on the processes being run by K2 at the end of a contract should the customer not want to renew.
Any services to create information in different sources at the end of a contract would be chargeable and negotiated at the time.
Environments and any data will be securely destroyed 30 days after termination of the agreement.
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
K2 Smartforms can be designed using one of the out of the box responsive themes to will automatically resize the form to fit in the screen of mobile devices and tablets.
The K2 Mobile App also provides off-line capabilities like task management, collaboration, comments and attachments, decision making and access to offline forms, application forms and reports
|Description of service interface||
Browser-based design tooling :
Design and Build
- Security and Compliance
|Accessibility standards||None or don’t know|
|Description of accessibility||Can achieve this by an additional extra (cost) from our partner Discover Technologies - https://discovertechnologies.com/products/accessible-smartforms/|
|Accessibility testing||See - https://discovertechnologies.com/products/accessible-smartforms/|
|What users can and can't do using the API||
K2 provides a standard set of REST services that allow for standard interactions with a workflow process such as process initiation, task actioning etc.
The K2 workflow API (REST) allows applications to:
• Start K2 processes
• Retrieve a user’s worklist
• Action a worklist item
• Retrieve details about a process instance
• Delegate or redirect a worklist item
The K2 SmartObjects OData API allows:
- Integration with BI tools such as PowerBI, Tableau or even Excel
- Access any Smartobject data via OData endpoints
o Line-of-business integration with virtually any system using K2’s SmartObjects
o Out-of-the-box integration with SharePoint, SAP, Microsoft CRM, Salesforce.com, SQL Server, Oracle, Exchange, Active Directory, Microsoft Excel and Microsoft Word
o Build composite SmartObjects that connect with multiple line-of-business systems to provide a single view of business data
o Inline Functions provide a built-in set of functions to provide complex logic and calculations
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||
K2 software allows people to build and run business process applications, including forms, workflow, data and reports. Across enterprises and within departments, K2 customers are rapidly transforming their companies with applications that allocate work to the right people, with all the information they need to make great decisions.
With K2's visual tools, creating, launching and using the first K2 application is a snap. Reusable components ensure the next application delivers faster than the one before, and when the business needs change, it's easy to update your K2 apps to fit.
K2 provides a scalable, managed platform for data integration, customisation and forms. This provides a solution that rationalises all your workflow, integration and forms requirements into one scalable platform that works regardless of whether you are running a pure standalone K2 offering or integrating with other systems.
|Independence of resources||
K2 Cloud runs on a service that can be scaled based upon either short-term, forecasted demand OR more permanently due to growth usage and adoption.
K2 Cloud is currently deployed as a multi-tenant model; however, customer compute and data is segmented from other customers. However, customers are isolated in both the compute and data storage tiers.
|Service usage metrics||Yes|
K2 provides detailed reports around the status of each process and their instances. These reports can be used to monitor real-time process information and discover trends for process-improvement.
K2 also provides the Server Usage report allows you to view the number of K2 artifacts -- like workflow definitions, process instances, activity instances, event instances, SmartObjects, forms and views -- deployed in your environment. The purpose of this report is to compare this number with your license agreement. You can also use the license audit report and the server usage report to determine if you are compliant with your license agreement.
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Other data at rest protection approach||
Standard TDE Azure SQL, full database encryption.
Optional database column encryption based on database engine (i.e. AES 256 on SQL Azure)
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Data, provided via K2 Smartobjects, can be exported by different mechanisms. In a programmatic way, K2 Smartobjects can be exposed as OData endpoints. These endpoints can be used to export data straight into Excel files or to be used directly in BI tools such as PowerBI or Tableau. For an end user, K2 Smartforms provide a capability to "Export to Excel" a list of results with filtering and paging options available. An export of a form displayed information can also be created in PDF format.|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
|Guaranteed availability||K2 Cloud provides customers with an Availability SLA of 99.9% within their production K2 Cloud tenant. Availability is defined as the ability for a customer to be able to access the production service environment irrespective of network connection or other intermediary issues outside of the control of K2. A Service Credit is available to customers should the K2 Cloud SLA not be met.|
|Approach to resilience||
K2 Cloud makes use of SQL Azure as data store. SQL Azure creates automatic geo-redundant database backups. Full database backups happen weekly, differential database backups generally happen every few hours, and transaction log backups generally happen every 5 - 10 minutes. The backup storage geo-replication occurs based on the Azure Storage replication schedule – handled by Microsoft. The retention period for the database is 30 days. The above means that we can do any point-in-time restore of the data with a 10-minute accuracy within the last 30 days.
High availability (HA) is provided by default in the Production instance. Native Microsoft Azure capability is utilized in testing disaster failover (DR).
More details available in the K2 Cloud - Service Policies document. More details available on request
K2 Cloud is hosted on Azure datacenters. Azure status, planned maintenance and outages are reported via the website: https://azure.microsoft.com/en-gb/status. An RSS feed is available.
Communications channels to customers are via the K2 Cloud status page (status.onk2.com) as well as direct email notifications to subscription administrators.
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||The K2 Management site allows you to manage your K2 environment and components such as workflows, worklist items, SmartObjects, users and security. These are administrative tasks that are performed by the K2 administrator. The Server Rights node is used to add, edit, remove and refresh Workflow server permissions for users or groups. These rights will determine which users and groups can administer a K2 workflow server, export new workflows or impersonate a user.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||Between 6 months and 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Schellman & Company, LLC|
|ISO/IEC 27001 accreditation date||18/04/2018|
|What the ISO/IEC 27001 doesn’t cover||The only control not covered was outsourcing as we do not outsource, so it wasn't relevant. All other controls were included.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||SOC 2 type II attestation report|
|Named board-level person responsible for service security||No|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
Security is an important part of our reputation, how we earn customer trust, how we do business and how we deliver our product. Our company must provide secure products and services for our customers. We are committed to maintaining a secure environment and improving our information security management system and security program.
K2 have a Security Committee who are responsible for providing support for the business by assuring the confidentiality, integrity, and availability of company information assets. The Security Committee discusses security topics, reviews key security metrics, and approves security policies.
The Information Security Management Systems (ISMS) Manager is
responsible for implementing and maintaining the ISMS.
Security Administrators include systems administrators, database
administrators, network administrators, and other application
administrators. These functional teams maintain the responsibility for the
management of security controls and configurations within the
information systems they support. They implement security mechanisms
and maintain the requisite technical expertise to support them. They
ensure systems and services comply with all approved corporate
information security policies, standards, and procedures.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
Changes to the Cloud environment are tracked, approved, tested, and implemented in accordance with ISO27001 specification are are independently audited annually against SSAE 16 SOC2 standards for 12 previous months prior to the audit.
Changes by customers within the K2 Platform will be configured and operated by either customers or 3rd party suppliers.
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||K2 performs annual vulnerabilty testing internally and externally, as well as contracts out to a third party to perform an annual penetration test of the product and standard environment. These are conducted in accordance with ISO27001 specifications and are independently audited annually against SSAE 16 standards for 12 previous months prior to the audit and reflected within an SOC2 type II report.|
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
Monitoring is conducted within Azure and consolidated within Elasticsearch for analysis.
Monitoring activities are handled in accordance with ISO27001 specifications and are independently audited annually against SSAE 16 standards for 12 previous months prior to the audit and reflected within an SOC2 type II report.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||Customers can reach out to K2 support via web, phone or email to raise incidents. Incidents will be handled via K2's internal incident management policies and conducted in accordance with ISO27001 specifications. The processes are independently audited annually against SSAE 16 standards for the 12 previous months prior to the audit and reflected within an SOC2 type II report.|
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£1.39 to £23.49 per user per month|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||Available on request|
|Link to free trial||https://www.k2.com/tryk2|