Workflow Science Ltd

Business Process Automation

Our intuitive process automation suite puts you in total control, enabling you to define and automate your business processes, workflows and applications with no demand on IT. It allows you to engage customers and stakeholders, improve efficiency and reduce costs by rapidly migrating manually intensive processes into fully automated ones.


  • easy-to-use, drag-and-drop business process modelling application
  • web-based work and management portal accessed via a standard browser
  • accessible from any device, including smartphones and tablets
  • integrated with social media and other forms of digital communication
  • real-time reporting and analytics
  • hosted in the EU on a secure, scalable enterprise-grade cloud platform
  • choice of flexible packages to match business requirements
  • no per user costs
  • 60-day no obligation free trial
  • free business modelling service and free modelling app


  • bypass traditional technical barriers to take the driving seat
  • replace manually intensive processes based on Excel spreadsheets
  • create new business processes in minutes, not months
  • engage your customers directly within your processes
  • enhance your customer’s experience via multiple touch points
  • ensure compliance with service levels through continuous process optimisation
  • increase employee productivity and collaboration
  • adapt to new competitive threats while capitalising on emerging opportunities
  • respond swiftly to environmental or regulatory changes
  • gain low cost of entry and ownership


£0.04 to £0.085 per unit

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

943598702169146


Workflow Science Ltd

Rob Hill

0203 826 8705

Service scope

Software add-on or extension No
Cloud deployment model Public cloud
Service constraints None
System requirements None

User support

Email or online ticketing support Email or online ticketing
Support response times Within 8 hours during working hours (Mon-Fri, 0900-1700 UK time, excluding UK public holidays)
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We provide a universal support level treating all support cases equally. We assess the user impact of each issue raised and assign appropriate priority for resolution. Support is included within our standard pricing and there is no additional user cost.
Support available to third parties No

Onboarding and offboarding

Getting started Through on-site training and user documentation.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Through the on-line Portal or use of an API, user can export own data.
End-of-contract process Pricing is based on a simple monthly Subscription Charge comprising a Service Charge and Usage Charges.

There are no on-boarding or off-boarding charges.

User is free to cease using service without financial penalty.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • MacOS
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service No functional difference; responsive design ensures mobile visualisation optimised for screen size.
Service interface Yes
Description of service interface The service interface is a browser-based portal with two-factor authentication. Through the browser, Users can personalise their process maps, access human work, analytics and dashboards and manage user access.
Accessibility standards None or don’t know
Description of accessibility The service interface is a browser-based portal with two-factor authentication. Through the browser, Users can personalise their process maps, access human work, analytics and dashboards and manage user access.
Accessibility testing None
What users can and can't do using the API Customers access the service through a web browser which itself utilises our service APIs. All capabilities of our service are exposed through the APIs, subject to permissions.
API documentation No
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Our service includes a process modelling tool for the user. User therefore has complete freedom to create and make changes to their business processes.


Independence of resources To ensure users aren’t affected by the demand other users place on our service, we use both active request rate-limiting and resource auto-scaling. The former controls the increased demand and the latter up-scales the resource to deal with the additional demand.


Service usage metrics Yes
Metrics types Time-series and tabular data for: case status and outcomes, work detail, store data metrics and associated aggregations.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports


Supplier type Not a reseller

Staff security

Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency Less than once a year
Penetration testing approach In-house
Protecting data at rest Other
Other data at rest protection approach Services hosted on Amazon AWS: see and for further details and principles.
Data sanitisation process No
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach Either via access through the on-line Portal, selecting data and then clicking 'export' or through the set-up of an automatic export 'job'.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network Other
Other protection within supplier network All data transit within network is protected by physical measures within Amazon AWS; for further details please refer to: and

Availability and resilience

Guaranteed availability We take all reasonable measures to ensure our Service operates at a minimum availability of 99.9%, excluding:
[1] scheduled maintenance, where necessary and as notified to user giving a minimum of twenty four (24) hours’ notice; and
[2] events outside our reasonable control, including but not limited to Force Majeure.

Service credits are the user's sole and exclusive remedy and our sole and exclusive liability for any failure to meet Service Levels. Service credits are a pro rata credit against the Service Charge for that period of time the Service is not available to the user during any given month.
Approach to resilience Available on request.
Outage reporting Via email notifications.

Identity and authentication

User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication Further support is provided for additional factors including knowledge, possession, inherence, time and location.
Access restrictions in management interfaces and support channels Management requests by users are only accessible via the Customer Interface, accessed through our Portal. Access to all management requests is subject to authentication and authorisation.

Access to servers, infrastructure and your data by us is controlled through a Bastion Host dedicated solely to service management (Administration Interface). Provision of the necessary credentials and access rights to our personnel is strictly based on need and uses fine-grained control of rights, restricting access only to those component parts (of the server, infrastructure or your data) required by our personnel to carry out their duties from time to time.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We receive security and vulnerability alerts and we monitor security and vulnerability bulletins, including US-CERT National Cyber Awareness System. We use such information to continually assess the threats to our Service and implement any necessary mitigations, either through scheduled maintenance or immediate updates, dependent upon impact and severity.
Information security policies and processes We are committed to the protection of both our own and user data (including but not limited to all computers, mobile devices, networking equipment, software and data) and to mitigate the risks associated with the theft, loss, misuse, damage or abuse of such data.

Insofar as user data in the Business Process Automation service is concerned, the user acts as Data Controller in respect of any Personal Data contained within the service. To the extent that we process (as such term is defined in the Data Protection Act 1998) Personal Data under this Agreement, we act as the Data Processor in respect of any such Personal Data.

All changes to our service are assessed in terms of impacts on security and access management policies, access rights and firewall/security group rules, and require sign-off by a board-level Director prior to deployment.

Further information is provided in our Service definition document.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach We operate a configuration management system for all assets, including software and configuration.

All software is built and labelled so that it is uniquely identifiable.

Deployment of built software is controlled through the Administration Interface using automated deployment agents.

Deployment of all configuration, including security related configuration such as firewall rules and security policies, is controlled through the Administration Interface using automated deployment agents.

All changes, such as customer feature requests, defects and mitigations, are recorded, assessed and scheduled through planning according to priority and/or urgency and impact.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We manage vulnerabilities through a combination of inputs from our Governance framework and Incident management. Assessment and scheduling of mitigations is in accordance with Configuration and change management.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We operate a real-time monitoring and management system that tracks activity on all service interfaces, including all authentication and/or authorisation failures. Our personnel are automatically notified of all abnormal activity and/or patterns.
Incident management type Supplier-defined controls
Incident management approach We operate an incident management process to log, assign and diagnose incidents based upon urgency and impact, and to restore Service operation quickly with minimum disruption.

Secure development

Approach to secure software development best practice Supplier-defined process

Public sector networks

Connection to public sector networks No


Price £0.04 to £0.085 per unit
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Time limited - 30 days
all functionality
