Appian Corporation

Appian Cloud

Appian is a digital transformation platform combining intelligent Business Process Management (iBPM), dynamic/adaptive case management, and low-code application development. Fully web-based, Appian makes it easy and fast to design and deploy custom business applications—without coding—with workflow management, real-time reporting/business activity monitoring (BAM) and collaboration, content management, integration, and mobile capabilities.

Features

  • Appian Records – Unify data across systems/processes in one location
  • BPM – Create flexible processes to meet business demands
  • Rules Engine –Manage critical policies and procedures
  • Case Management – Better, faster, smarter decisions
  • Content Management – For all process-related documents
  • Dynamic Reporting – Real-time visibility into business operations
  • Out-of-the-box Integration – Interact with diverse systems
  • Mobile – Rapidly build and deploy natively mobile applications
  • Cloud – Deploy applications securely on our cloud offering
  • Maximum Security – For business solutions

Benefits

  • Configured, Not Coded – Rapid design and deployment
  • Real-time Collaboration – Users can post/answer questions and share knowledge
  • Agile Cloud Delivery - Be up and running in weeks
  • Flexibility – Change processes/applications on the fly
  • Local Hosting – Data processed/stored in your region

Pricing

£75 to £150 per user per month

Service documents

G-Cloud 9

891713326728608

Appian Corporation

Vikki Hailey

07932 444666

vikki.hailey@appian.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints The following "constraints" are not disadvantages but merely considerations for each organisation:

> Fully web based across all user interfaces
> Applications developed on the Appian Cloud platform administered by customer
> Term-based service (not perpetually licensed software)
System requirements
  • Supported web browser or mobile device (see
  • "Service Definition Document" for detailed information).

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Critical issue response is 15 minutes (24x7x365 Premier support) and 1 hour (Standard support, Monday through Friday). Maximum response, for a minor issue, is 12 hours.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support No
Support levels Our comprehensive services deliver maintenance, support, and product updates to Appian customers, partners, and distributors. Post-implementation support is included in the Appian Cloud service. We offer our customers two levels of technical support: Standard and Premier. Appian support is accessible via phone or e-mail, as well as over the web. Additionally, Appian provides a single portal for our clients and partners, called Appian Forum, that delivers an integrated customer experience for knowledge management, discussion forums, Centre of Excellence documentation, product updates, software downloads, application and template downloads, logging support cases, licensing, documentation, and online training. Updates and new releases of the licensed software are included with Appian Product Support. In the United Kingdom, Appian Standard Product Support hours are 08:00 to 17:30, BST (British Summer Time), Monday through Friday, excluding Appian holidays. Premier support includes 24-hour assistance for critical issues. The Appian Product Support team operates in a “flat” organisational structure, whereby any engineer may assist any customer with any issue; and the Product Support engineer assigned to an issue at the time of help desk “ticket” creation retains ownership over the given case through to resolution/closeout.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Appian has automated processes to orchestrate the onboarding of new Appian Cloud customers. From a "get-started" perspective, Appian offers implementation, training, and post-implementation support services. Additionally, with Appian Cloud, all hosting, infrastructure, and system management tasks are managed by Appian; this includes activities around platform (but not application) administration, patch deployments, software upgrades (Appian software, operating system, and any other supporting applications), and backups.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Our customers can export data via Appian functionality and reports, including the business logic of their applications and the data stored in the relational database). Customers are responsible for exporting the necessary information prior to the termination date.
End-of-contract process Appian has automated processes to orchestrate the onboarding of new Appian Cloud customers and the offboarding of Appian Cloud customers that are discontinuing the service. These processes ensure that all involved parties within Appian are notified and also ensure that Appian Cloud sites are deployed and configured (or decommissioned) consistently. These processes further ensure each customer is notified well in advance regarding the expiration of its current Appian Cloud agreement, thereby allowing the customer sufficient time, should it decide not to renew the subscription agreement, to export its applications and data before its Appian Cloud site is shut down.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Other
Designed for use on mobile devices Yes
Differences between the mobile and desktop service For desktop use, users will use a supported browser to access Appian. Mobile application will need to be downloaded to device. The only difference will be how the user interface renders, as Appian’s mobile applications are native.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing The Appian platform allows designers to build applications that are accessible to all users, including those with disabilities who employ assistive technologies such as screen readers. In order to meet this goal, Appian validates our product features against the requirements of leading accessibility standards: Section 508 of the United States Federal Government of the Rehabilitation Act of 1973; and World Wide Web Consortium (W3C)’s Web Content Accessibility Guidelines (WCAG) 2.0 Level AA.
API Yes
What users can and can't do using the API Appian provides web application programming interfaces (APIs), which is a way to expose Appian data and services to outside systems. To set these up, there is a web API designer within Appian. Some things you might choose to expose with a web API include a list of tasks for a specified user; a list of records for a specific record type; data about a specific record, similar to a record dashboard; the ability to write to a data store; and the ability to start a new instance of a process model.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Appian Cloud is inherently intended as a platform on which an unlimited number of process-based and case management applications can be configured, executed, monitored, and enhanced over time. Appian Cloud allows the design of the application using a Business Process Model and Notation (BPMN) compliant Process Modeller and natively integrated Business Rules Engine, along with drag-and-drop Smart Services that represent activities such as integrations which will occur at certain points in the application. Appian Cloud customers may easily create their own, drag-and-drop Smart Services.

And with Appian, building new applications becomes faster and easier over time, as designers are able to leverage a growing library of reusable components—including process models, rules, integrations, forms, reports, and numerous others. This means that every additional process automated will deliver incremental value and reduce marginal cost; and with a unified user interface, Appian flattens the learning curve for end users whenever new applications are introduced.

Scaling

Scaling
Independence of resources Each customer site receives its own dedicated virtual infrastructure which is logically firewalled from that of other customers.

Analytics

Analytics
Service usage metrics Yes
Metrics types Designers can create real-time reports and business activity monitoring (BAM) dashboards that gather accurate views of process and business metrics. Appian end users gain real-time visibility into business operations and receive continuous feedback to improve process performance. Get a 360-degree view from one interface (desktop or mobile). Navigate, search, analyze, collaborate, and take action on
enterprise data from multiple systems, all from a single intuitive interface.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Other
Other data at rest protection approach Amazon provides the physical security controls for Appian Cloud. AWS's compliance with security frameworks and audits can be found at https://aws.amazon.com/compliance/ (including CSA and SOC reports). Appian provides encryption of data while at rest within Appian Cloud. Appian does not store customer data on physical media other than the servers within Appian Cloud and controls the encryption keys. Customers also have the ability to use the encrypted field functionality in the Appian platform to build additional encryption into their data.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Our customers can export data via Appian functionality and reports, including the business logic of their applications and the data stored in the relational database).
Data export formats
  • CSV
  • Other
Data import formats
  • CSV
  • Other

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Appian provides a 99.95-percent uptime service-level agreement (SLA) for the Appian Cloud offering. If, during customer's subscription, availability is less than 99.95 percent of the time in the applicable coverage window during a calendar month, Appian provides the customer with service credits in the form of a percentage of the applicable monthly service fee. These service credits range from ten percent to thirty percent of the monthly fee based on a combination of the problem severity level and the amount of time by which the guaranteed SLA has not been met. Further details can be provided on request.
Approach to resilience Appian uses Amazon Web Services (AWS) as our Infrastructure-as-a-Service (IaaS) hosting partner for Appian Cloud. The customer chooses its preferred region, and all customer data inside an Appian Cloud instance is protected and not copied outside the customer’s designated region. AWS has state-of-the-art data centres spanning eight regions worldwide—specifically, in Ireland and Frankfurt, Germany, in Europe; Northern California, Northern Virginia, and Oregon, in the United States; Sydney, Australia; Sao Paolo, Brazil; and Singapore. As our goal is to provide our Appian Cloud customers with a highly reliable and scalable architecture that affords them maximum uptime and zero data loss, customer production data is replicated across two availability zones within the client’s selected region. An availability zone is a completely separate data-centre location within a region (for example, if a customer chooses to have its solution hosted in Northern Virginia, that customer’s production data will be replicated across two entirely different and isolated data centres in Northern Virginia). Additional information is available on request.
Outage reporting Notifications of outages would be sent to each customer's designated support point of contacts via e-mail.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels This is restricted based on Appian’s extensive, role-based access control capabilities.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 3 May 2016 (by the Cloud Security Alliance)
CSA STAR certification level Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover The CSA STAR certification covers our entire Appian Cloud service offering.
PCI certification Yes
Who accredited the PCI DSS certification Payment Card Industry (PCI)
PCI DSS accreditation date 18 December 2016
What the PCI DSS doesn’t cover The PCI DSS certification applies to customer applications running in the Appian Cloud that process credit card transactions as a component of their solution.
Other security accreditations Yes
Any other security accreditations
  • Service Organisation Controls (SOC) 2 Type II
  • SOC 3
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Federal Risk and Authorisation Management Programme (FedRAMP)
  • Defense Information Security Agency (DISA) Level 2
  • Federal Information Security Management Act (FISMA)
  • SOC 1/ISAE (International Standard on Assurance Engagements) 3402
  • Cloud Security Alliance Security, Trust, and Assurance Registry (STAR) Programme

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards Other
Other security governance standards SOC 2 Type II, SOC 3, Payment Card Industry Data Security Standard, Federal Risk and Authorisation Management Programme (FedRAMP), Defense Information Security Agency (DISA) Level 2, Federal Information Security Management Act (FISMA), SOC 1/ISAE (International Standard on Assurance Engagements) 3402, Cloud Security Alliance Security, Trust, and Assurance Registry (STAR) Programme
Information security policies and processes Appian employs a full-time Information Security Officer and team responsible for defining and adhering to best practices-based information security policies and processes. This team works closely with our Appian Cloud team and Appian senior management to monitor the security and performance of our service, as well as coordinate periodic tests and reviews and work with third-party organisations that evaluate and certify the security and controls of our service.

Appian Cloud has a comprehensive security and compliance program that meets numerous industry standards, detailed in our “Service Definition Document.” Appian undergoes frequent third-party audits to validate that controls are operating effectively to protect customer data.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach We use our software for the systematic proposal, review, justification, and implementation of cloud infrastructure changes. All changes are tracked using the Appian application and reviewed by a cloud architect/senior engineer. Appian pays special attention to the security and stability implications of the proposed change. Depending on the change, the reviewer may request development environment testing. All requests are stored for audit purposes. Our plan and process are reviewed at least annually and documented as part of our security program review. Appian's hosting provider manages hardware changes. Sound practices are covered as part of the Service Organisation Controls (SOC) audit.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Appian performs regular vulnerability scanning against all Appian Cloud assets. Appian performs risk assessments for identified security items and handles them in accordance with their overall impact. Appian makes our third-party penetration test report available to customers under nondisclosure agreement (NDA).
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Appian performs daily reviews of event/incident alerts at the infrastructure level. Unusual or suspicious activity is investigated and escalated as necessary. Customers have access to application and application server logs including security logs, which can be reviewed or downloaded via the web interface.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Appian uses an online form for incident reporting (available through Appian Forum) and the Appian platform for managing incidents, and we use Forum for customer communication. The steps we follow in addressing any reported incident are: 1) verifying the source; 2) verifying the incident; 3) notifying other parties as appropriate; 4) form incident response team; 5) gather evidence; and 6) contain, eradicate, and recover from the incident. Appian’s Information Security Officer is responsible for monitoring security incident status until it has been resolved and normal business operations have been safely restored. The response required depends on the type of incident.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Other

Pricing

Pricing
Price £75 to £150 per user per month
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑