Workware SaaS Suite Overview - ActiveOps...services, BPOs, government, healthcare and other service...

Version: 6.2 Confidentiality: Confidential

Author: Declan Mulcahy activeops.com Page 1 of 18

Workware SaaS Suite Overview

CONTENTS

1 Introduction
2 Workware SaaS Suite - Technology Stack
2.1 Software Technology Stack
2.2 Hosted Environment
2.3 Resilience
2.4 Monitoring & Alerting
2.5 Disaster Recovery
2.6 Backup
3 Workware SaaS Suite – Client Endpoint Requirements
3.1 Web Browser Support
3.2 Additional Software Requirements
3.3 Hardware devices for Users
4 Workware SaaS Suite - Customer Information Security
4.1 ActiveOps Information Security
4.2 Network Security
4.3 Server Security
4.4 Data Centre Physical Security
4.5 24x7 Monitoring
4.6 Single Sign On – Identity Management
4.7 Client Data Set – Nature and Purpose
4.8 Uploading data feeds using Connect
4.9 Customer Data Segregation
4.10 Data Encryption Standards
4.11 Development & Test Environment Separation
4.12 Penetration Testing
4.13 Business Continuity Planning
4.13.1 BCP Approach
4.13.2 BCP Testing

4.13.3 Risks – Threat Analysis
4.13.4 Critical Operation for Service Delivery
4.13.5 Risk Mitigation – Data Centre Operations
4.13.6 Risk mitigation – Data Centre Network and Security Operations
4.13.7 Risk mitigation – Customer Support Operations
4.13.8 Risk mitigation - Customers communications
5 Workware SaaS Suite - Service Management
5.1 Service Desk Contact Information
5.2 Service Management
5.2.1 Service Availability
5.2.2 Planned and emergency maintenance
5.3 Incident Management
5.3.1 Severity Definitions
5.3.2 Methods of Communication
5.3.3 Ticketing management portal
5.3.4 Escalation
5.4 Change Management
5.5 Workware Support Exclusions

1 Introduction

ActiveOps is a leading provider of digital operations management solutions to financial services, shared services, BPOs, government, healthcare and other service industries. Digital Operations Management solutions from ActiveOps are proven to manage capacity, improve efficiency, and optimise performance of people and robots in service operations. Workware enables the optimisation of individuals and robots, teams and departmental resources from a single application. Operations data is aggregated, analysed and presented in real-time. Using Workware, managers can quantify work and time, identify capacity, identify processes to be automated and plan resources.

Our cloud-based solutions are proven to optimise operations, reduce costs, increase capacity, and improve service delivery and staff well-being. Customers can confidently prepare for and then run their service operations taking full advantage of the benefits of transformation programmes including RPA, automation, digitisation and outsourcing.

Workware is delivered as a cloud-based Software as a Service (SaaS) solution. Users of Workware only require a standard internet browser and client organisations are not required to install or support any additional hardware or software.

This document provides detail of the ActiveOps Workware SaaS Suite and support offering including:

• Workware SaaS Suite - Technology Stack

• Workware SaaS Suite - Endpoint Requirements

• Workware SaaS Suite - Customer Information Security

• Workware SaaS Suite - Service Management

2 Workware SaaS Suite - Technology Stack

2.1 Software Technology Stack

Workware is developed and maintained by ActiveOps. It is an ASP.NET application written and hosted on the standard Microsoft technology stack. Software components of the Workware application and supporting tools are illustrated in the Software Technology Stack below:

2.2 Hosted Environment

ActiveOps employs a fully resilient virtualised private cloud platform for all its customer environments. Customer environments are hosted in Microsoft Azure data centres, each paired with a recovery data centre in the same geography. ActiveOps currently operates in Microsoft data centres located in EMEA (UK), Asia Pacific (Australia) and North America (U.S.). Data centres are owned and managed by Microsoft and are secured against unauthorised access by strong encryption to which ActiveOps retains the keys. All customer databases are maintained in a high-availability cluster with each part of the cluster in a different hardware node and supplied with independent power, data and cooling. In addition, disks are replicated to a Disaster Recovery environment which will be utilised to maintain provision of the service in the unlikely event that the Production data centre becomes unavailable. Disaster Recovery (DR) environments are located in another Microsoft Azure data centre a minimum of 300 miles from the primary data centre.

The fully resilient virtualised private cloud platform includes all production and non-production environments to facilitate all functional and non-functional testing. The platform leverages enterprise-grade technologies from well-established and trusted industry leaders.

ActiveOps global infrastructure platform comprises the following technologies:

• Microsoft Windows Server

• Microsoft Internet Information Services (IIS)

• Microsoft SQL Server (Reporting Services, Integration Services and Analysis Services).

2.3 Resilience

ActiveOps leverages all Microsoft technologies in a highly available, scalable and supportable configuration in the delivery of the Workware service. This diagram provides an architectural overview of infrastructure in each data centre:

Resilience is provided at every layer of the physical architecture as shown below:

Layer: Physical Hypervisor Host
Technology: Highly available physical servers in multiple fault domains and availability domains. Specifications subject to change depending on current technology and customer needs. Encryption at disk level enabled.
Resilience: Multiple physical servers in separate physical environments, with independent power, data and cooling. Block-level, low-latency disk replication to secondary data centre > 300 miles away.

Layer: Firewall
Technology: Microsoft Azure-operated firewalls enforce strict network security group rules in a dedicated security layer of the Azure security stack. Windows firewall, working with endpoint antivirus, provides an additional layer of protection. DDoS protection is incorporated into the Azure security layer and provides the ability to null route DDoS traffic with no impact to legitimate traffic in many cases.
Resilience: Fully independent, managed devices with 24/7 monitoring and a dedicated SOC/NOC team performing monitoring and maintenance.

Layer: Web
Technology: Web traffic load balanced on a sticky-session basis between a highly available cluster of web servers with the ability to scale horizontally to meet demand.
Resilience: Multiple, fully redundant physical devices provide a software-defined service in resilient sets.

Layer: Database
Technology: Microsoft SQL Server Enterprise Edition (2014, 2016 or 2017 versions depending upon customer need). TDE database encryption enabled.
Resilience: Configured as Active/Passive Cluster with automatic failover and block-based disk replication to secondary data centre.

2.4 Monitoring & Alerting

ActiveOps proactively monitors its Workware SaaS service and supporting infrastructure end-to-end to ensure the customer experience is of a high standard and service levels are maintained.

Automated monitoring and alert management systems are used to report on service unavailability or service degradation, informing our Customer Services Team 24x7, who monitor and intervene where necessary.

2.5 Disaster Recovery

ActiveOps provides full Disaster Recovery provision to all client environments. This provision covers the entire Workware Suite. The Disaster Recovery environment is provisioned within a paired secondary recovery data centre in the same geographic region, the location of which will be agreed with the customer at onboarding. Microsoft Azure Site Recovery is used to automatically replicate virtual machines to the secondary recovery data centre, protecting customer data in the case of a major incident. If a Disaster Recovery event has been declared, the failover of a customer’s environment is managed seamlessly by ActiveOps.

All security configuration is replicated between Production and Disaster Recovery environments.

2.6 Backup

In addition to the Disaster Recovery provision, full SQL backups of customer databases are taken daily, along with transaction log backups taken every 15 minutes. Workware data backups are stored in Azure with locally-redundant storage and are replicated to the recovery site data centre for that region. Backups can be used in case a restore is required from a point in time in the past. Backups are not intended to be used in a Disaster Recovery scenario.

The table below details the frequency and retention period for customer database backups:

Backup Rotation Retention

Daily 31 Days

Monthly 12 Months

3 Workware SaaS Suite – Client Endpoint Requirements

3.1 Web Browser Support

The Workware application is accessed securely over HTTPS using a standard web browser and no additional software is required by users.

End users require a Microsoft Windows or Apple Mac device, meeting the endpoint hardware minimum standards described in section 3.3, and a supported web browser. For the optimal user experience, ActiveOps strongly recommends the use of one of the following internet browsers: Microsoft Internet Explorer 11 and Edge; Google Chrome (latest); and Safari 11.0.2 (Mac only).

Due to the ongoing rapid development and performance improvement of internet browsers, ActiveOps encourages organisations to utilise the most recent versions of browsers that it is feasible for them to deploy to user devices. Workware releases are tested against and support the following browser version combinations:

1. Verify Data function performance may be sub-optimal

2. Advanced planning performance may be sub-optimal/display fewer rows of information per page to the user

3. QTLM Adhoc Report Builder features do not work. Other features may work in IE9 and IE10 and will be considered on a case-by-case basis and no guarantee is offered that modern functionality can be made to work in obsolete web browsers.

3.2 Additional Software Requirements

User printing of reports: Workware requires a PDF reader installed on the user’s device to facilitate printing of PDF formatted reports.

User export/import: Workware includes functionality to export and import data in Microsoft Excel format which requires Microsoft Excel to be installed on the user’s device.

3.3 Hardware devices for Users

ActiveOps do not specify minimum hardware specifications for users’ desktop/laptop devices, however all devices should be capable of running a standard internet browser. ActiveOps use client PCs with the following specification when testing Workware software releases: Intel Core i5 dual core processor; 6GB RAM; and display resolutions of 1366 x 768 and 1920 x 1080.

Workware Release

v5.7 v6.0 v6.1 v6.2

Google Chrome (version 30) ✓ ✓ ✓ ✓

Mozilla Firefox (version 25) ✓ ✓ ✓ ✓

Microsoft Edge ✓ ✓ ✓

Microsoft Internet Explorer 11 ✓ ✓ ✓ ✓

Microsoft Internet Explorer 10 ✓ ✓ ✓ 3

Microsoft Internet Explorer 9 ✓ ✓ ✓ 3

Microsoft Internet Explorer 8 ✓ ✓1,2

Microsoft Internet Explorer 7

Microsoft Internet Explorer 6

4 Workware SaaS Suite - Customer Information Security

4.1 ActiveOps Information Security

ActiveOps is committed to customer information security, not only within its SaaS environments but within its wider business. ActiveOps has implemented and operates an Information Security Management System based on industry best practice and certified against the ISO27001:2013 standard.

ActiveOps Information Security policy is applicable to all ActiveOps locations, employees, associates and third-party suppliers engaged in the delivery of services owned by ActiveOps.

The scope of this policy, relevant to ActiveOps Global Hosting service provision includes (but is not limited to): Human Resources Security; Physical Security; Infrastructure Security; Network Security; User Access Control; Incident and Breach Management; Remote Access Management; System Monitoring and Event Management; Vulnerability Management; Systems Development and Maintenance; Information Backup and Recovery; Legal and Regulatory Compliance; and Data Protection.

4.2 Network Security

Access to the ActiveOps SaaS global network is controlled via a centralised directory service. This covers all production and non-production client environments and allows access to be correctly delegated at the appropriate (least) role-based privilege.

Servers are segregated on the network by means of a resilient firewall solution. The location of servers within the resulting network segments is determined based on the following criteria: Production Status; Role; and Data Security Requirements.

4.3 Server Security

All servers are hardened in line with industry best practice at time of build. In addition to this, all Microsoft security patches are tested and deployed within 1 month of release, under strict Change Management. Patches can be released more frequently if the vulnerability they address is deemed to present a critical risk to service.

4.4 Data Centre Physical Security

Ordinarily, data centre access is available to Microsoft’s Global Infrastructure Team members only, who undergo strict vetting procedures and must present biometric identification to access the site. From time to time, Microsoft may provide “tours” of the data centre to clients – in such cases, visitors are escorted at all times and must be pre-approved and identified.

Microsoft’s Azure data centres have been approved by the governments of the United States, United Kingdom, Australia, New Zealand, France, Germany and other nations for use with data up to and including “TOP SECRET” classifications. Security measures required to meet this standard vary as threats are developed but are extremely strict.

4.5 24x7 Monitoring

• Data centres are operational 24hrs a day x 7 days a week x 365 days a year (24x7x365) and are manned around the clock by a qualified security force and engineering/operations personnel

• The Microsoft Azure network is monitored 24x7x365 by a team of dedicated network and network security engineers, who respond to attacks and incidents in real-time.

4.6 Single Sign-On – Identity Management

Single sign-on (SSO) based on the industry standard SAML 2.0 is supported in Workware 6.2 and subsequent releases. Here are some technical questions to be considered when integrating Workware with an Identity Management System:

• Is Active Directory supported? Active Directory Federation Services supports SAML assertions and claims, and therefore this solution will provide the ability to authenticate to Workware using Active Directory logins.

• Are third party identity management services supported? Third party systems such as Okta are available which provide SAML gateways for several providers including Active Directory, Office 365, Google Apps for Enterprise and so on, which may provide more flexibility.

• Are internally signed certificates for signature verification supported? Yes, use of X.509 certificates is recommended to verify the content of SAML responses.

• What information do you expect to be passed in the SAML assertion? The SSO solution expects a unique identifier such as an email address, or domain username (if sourced from Active Directory). This information should be sent as the “NameID” attribute of the SAML response. This information is used to map the user profile within Workware.

• How are SSO users provisioned in Workware? The users are added manually to Workware. The Workware username field will need to match the “NameID” attribute passed in the SSO SAML response.

• What information is required in Workware to support SAML 2.0? Information required includes: Identity Provider SignIn URL; Identity Provider Issuer URL; Identity Provider Certificate (generated by the issuer); and Identity Provider Logout URL (where supported by the issuer).

• Does Workware support multiple Issuers? Yes.

• Does Workware support SAML 1.0/1.1? No.
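
The checks implied by the answers above (SAML 2.0 only, more than one configured issuer, NameID matched against a manually provisioned username), written in Python as an added example; it is not ActiveOps code. The issuer URLs, usernames and function names are hypothetical, the sample response is constructed, and verification of the XML signature against the issuer's X.509 certificate is assumed to have been done beforehand by an XML-DSig library.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": SAMLP, "saml": SAML}
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"


class SsoRejected(Exception):
    """Raised when a response must not be turned into a session."""


def resolve_sso_user(xml_text, trusted_issuers, provisioned_usernames):
    """Return the provisioned username named by the response, or raise SsoRejected.

    Assumption: the signature on this response was already verified against
    the certificate configured for its issuer. That step is not shown here.
    """
    # SAML messages never need a DTD; refusing one avoids entity expansion.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise SsoRejected("DTD not allowed")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise SsoRejected("malformed XML") from exc

    # SAML 1.0/1.1 use another namespace and MajorVersion/MinorVersion attributes.
    if root.tag != "{%s}Response" % SAMLP or root.get("Version") != "2.0":
        raise SsoRejected("not a SAML 2.0 response")

    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != STATUS_SUCCESS:
        raise SsoRejected("identity provider did not report success")

    # Exactly one assertion and one NameID, so there is no ambiguity about
    # which subject the (already verified) signature covers.
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise SsoRejected("expected exactly one assertion")
    assertion = assertions[0]

    issuer = (assertion.findtext("saml:Issuer", default="", namespaces=NS) or "").strip()
    if issuer not in trusted_issuers:
        raise SsoRejected("issuer is not configured")

    name_ids = assertion.findall("saml:Subject/saml:NameID", NS)
    if len(name_ids) != 1:
        raise SsoRejected("expected exactly one NameID")
    name_id = "".join(name_ids[0].itertext()).strip()

    # Users are added manually, so an unknown NameID is rejected, never created.
    if name_id not in provisioned_usernames:
        raise SsoRejected("NameID matches no provisioned user")
    return name_id


def build_sample_response(issuer, name_id, version="2.0"):
    """Constructed, unsigned sample message; not captured from a real system."""
    return (
        f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'ID="_constructed1" Version="{version}" IssueInstant="2024-01-01T00:00:00Z">'
        f'<samlp:Status><samlp:StatusCode Value="{STATUS_SUCCESS}"/></samlp:Status>'
        '<saml:Assertion ID="_constructed2" Version="2.0" '
        'IssueInstant="2024-01-01T00:00:00Z">'
        f"<saml:Issuer>{issuer}</saml:Issuer>"
        f"<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>"
        "</saml:Assertion></samlp:Response>"
    )


if __name__ == "__main__":
    # Hypothetical configuration: two issuers, one provisioned user.
    issuers = {"https://idp-a.example.test/adfs", "https://idp-b.example.test/saml"}
    users = {"j.doe@example.test"}
    ok = build_sample_response("https://idp-b.example.test/saml", "j.doe@example.test")
    print(resolve_sso_user(ok, issuers, users))
    for bad in (
        build_sample_response("https://rogue.example.test", "j.doe@example.test"),
        build_sample_response("https://idp-a.example.test/adfs", "nobody@example.test"),
        build_sample_response("https://idp-a.example.test/adfs", "j.doe@example.test", "1.1"),
    ):
        try:
            resolve_sso_user(bad, issuers, users)
        except SsoRejected as exc:
            print("rejected:", exc)
```
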

4.7 Client Data Set – Nature and Purpose

In summary, the nature and purpose of the client data set includes:

• A basic record of staff member details (including email address for password resets and potentially staff ID numbers) and the organisation structure

• Record of work completed by staff members daily: volumes of production tasks completed, volumes of ‘business outcomes’, time spent on non-production activities (meetings, training, etc.), staff attendance details (time worked, overtime, absences by type) and indicative cost per hour by employee position

• Operations performance reporting: individual, team and department performance metrics (work throughput, utilisation, productivity, etc.)

• Forecasting and planning data: future forecasts of work receipt, staff availability and capacity plans reflecting intended allocation of staff members.

The Workware data set does not include the following information unless specific tags, notes or comments are created by the business:

• Specific details relating to transactions or production work items – i.e. customer details, account numbers, transaction reference codes etc. The data held in our applications is limited to volumes of activities (received, processed, in progress, etc.).

• Sensitive details relating to employees, i.e. such as would be found in a personnel record.

Where data is fed into the Workware application suite via automated interfaces from customer systems (e.g. workflow/business-process-management tools), specific interface formats are used which ensure only data needed by Workware suite is transmitted outside of the customer IT environment.

4.8 Uploading data feeds using Connect

Workware Connect, also called Connect, is a highly flexible method of uploading operational data to Workware. Connect minimises the need for data to be entered manually into Workware where other systems are used to capture data on activities completed and time used (e.g. BPM and HCM systems).

Workware Connect extracts data without duplicating, replacing or modifying any existing applications. Workware Connect captures work volumes from BPM, workflow, HCM, telephony systems, software robots and other line-of-business systems. Connect uses the feed file in combination with a mapping file to translate data into information that can be recorded against the tasks and categories defined in Workware.

Users can securely upload data from any application (referred to here as a source system) to Workware, either automatically or manually. Automated uploads are encrypted using SFTP which is used to securely transfer the data from customer source systems to the Workware service.

Multiple feed files can be configured in Connect, and each feed file may have its own distinct format. Connect can accept its data feeds in Comma Separated Variable (CSV), Microsoft Excel or XML formats. The maximum size allowed for all data uploads is 20 megabytes (MB). Connect downloads data in Excel format.

4.9 Customer Data Segregation

Whilst customer environments are hosted on a shared infrastructure platform, each customer environment consists of its own database and website which is not shared by other customers.

4.10 Data Encryption Standards

ActiveOps employs a fully resilient virtualised private cloud platform for all its customer environments. Data centres are owned and managed by Microsoft and are secured against unauthorised access by strong encryption to which ActiveOps retains the keys. The following encryption policies are in operation for the Workware service:

• Workware data is encrypted at rest using Microsoft SQL Server TDE with AES-256 and Microsoft Azure disk level encryption

• Customer data transferred to Workware using a web browser is secured in transit via HTTPS using AES-256 with weak ciphers disabled

• Customer data transferred to Workware from source data systems is secured by SFTP using AES-256 SDCTR encryption

• Microsoft Azure encrypts all data transmitted between resources within the ActiveOps private cloud network including between the Production and Recovery data centres

• Backups are encrypted using AES-256

• Custodian agreements apply to employees who have access to cryptographic materials.

4.11 Development & Test Environment Separation

All production environments are separated from all non-production (development/test/UAT) environments at a server level and are managed under strict change management. They are separated by a firewall in different segments of the network. Development teams do not have access to client production data.

4.12 Penetration Testing

Web application and external infrastructure security testing is performed annually or when significant change occurs. Testing is executed by a CHECK-certified third-party organisation.

These tests are performed to prove the security of the environment, thus preventing:

• Accidental loss or theft of customer information

• Loss or compromise of production systems availability

• Compromise in data integrity.

All reported issues are risk assessed and treated based on risk priority. Results of penetration testing are shared with customers upon request.

4.13 Business Continuity Planning

4.13.1 BCP Approach

ActiveOps business continuity and disaster recovery plans record procedures and precautions taken by

ActiveOps to prevent – and effectively mitigate and recover from – a significant adverse event which disrupts

key operations.

For security and confidentiality, detailed procedures and plans are only made available to those

responsible for their management and execution. However, this section is designed as an overall BCP and DR

plan, providing guidance within ActiveOps to ensure that risks have been evaluated and appropriate mitigation

strategies implemented.

ActiveOps has worked over the past number of years to mitigate and remove risks to the provision of its

service to Customers. Production and disaster recovery cloud hosting requirements are met by Microsoft Azure

(www.microsoft.com), a world leader in data centre and cloud services. All critical supporting services required

in the provision of the services to our customers, such as service desk management; email; document

management; voice and video communications; are implemented as highly available, redundant and secure

cloud-based solutions. There is no dependency on an office location to deliver the Workware service.

4.13.2 BCP Testing

The ActiveOps BCP and DR plan is tested in a phased approach, taking key elements to be tested, and ensuring

there is no or minimal impact to the service delivery to customers. For security and confidentiality, ActiveOps

is unable to share results for these tests externally. The following are the significant tests planned on a rolling

basis across all data centre and office locations:

Test Scenario | Frequency
Building Evacuation in key customer support locations | Annual
Planned utility (power) service interruption in key customer support locations | Annual
S1 Scenario impacting performance of Workware in production data centres | Annual
DR – Web Access and Data unavailable at Production data centre – invoke DR | Annual
Planned utility (network/ISP) service interruption in key office locations | Annual

4.13.3 Risks – Threat Analysis

The BCP and DR plan is designed to manage the threats identified as part of a risk analysis process. Although

risk analysis has identified threats with a likelihood of occurrence, it does not mean that they will occur.

ActiveOps has worked over the past number of years to mitigate and remove risks to the provision of its

service to Customers.

Risk: Threat | Risk: Likelihood of occurrence
Utility (Power) failure at Data Centre | High
Utility (Power) failure impacting ActiveOps Customer Support | Medium
Severe Weather event at Data Centre | Low
Severe Weather event impacting ActiveOps Customer Support | Low
Fire at Data Centre | Low
Fire impacting ActiveOps Customer Support | Low
Cyber Attack (Data Centre – Network) | High
Cyber Attack impacting ActiveOps Customer Support | Medium

4.13.4 Critical Operation for Service Delivery

The operations and systems involved in the delivery of the Workware service are summarised below including

the key prevention, contingency and mitigation strategies that ActiveOps have implemented to eliminate or

minimise customer impact or recover affected services after an adverse event:

Critical Operations | Locations
Data Centre Operations (Microsoft) | UK South (London), UK West (Cardiff), Australia East (Sydney), Australia South East (Melbourne), Australia Central (Canberra), US East-2 (Virginia), US West-2 (Washington State)
Network Security (All) | All
Customer Support Operations | Reading, Adelaide, Johannesburg, Limerick
Customer Communications | Multiple

4.13.5 Risk Mitigation – Data Centre Operations

See section Workware SaaS Suite - Technology Stack for details on deployment architecture to support

resilience within the Production data centre as well as Disaster Recovery measures in a regionally paired data

centre.

See https://docs.microsoft.com/en-us/azure/#pivot=architecture for an overview of the Microsoft Azure

platform.

4.13.6 Risk mitigation – Data Centre Network and Security Operations

Microsoft use innovative software to optimise network routing and to build and deploy network paths that are

as direct as possible between customers and their data and services. This reduces latency to the limits imposed

by the speed of light.

Azure traffic between our data centres stays on the Microsoft network and does not flow over the Internet.

This includes all traffic between Microsoft services anywhere in the world. For example, within Azure, traffic

between virtual machines, storage, and SQL communication traverses only the Microsoft network, regardless

of the source and destination region.

Microsoft employs a number of logical and physical security protocols to protect the Microsoft Azure

infrastructure and to mitigate denial of service, distributed denial of service and other attempts to penetrate

Microsoft Azure’s network infrastructure. Among other things, physical security includes biometric scans,

surveillance and restricted access to vulnerable areas; Logical security includes multi-factor authentication and

a variety of other applications and protocols, managed by geographically distributed Microsoft Operation

Centres providing 24x7x365 coverage.

4.13.7 Risk mitigation – Customer Support Operations

ActiveOps operates a helpdesk/support function which is staffed across its global offices, to provide maximum

coverage.

Office location risks (Flood, Electrical, Fire, Security) – all Customer Support Operations employees are located

in up-to-date modern office buildings. Access to buildings requires secure electronic access to gain entry to

building and offices. Additional security may be provided (e.g. CCTV monitoring, security on entrance). No

flood risks. Stable electrical power and telecommunications. Fire detectors installed. No high-risk potential fire

hazard items stored. Offices are located in commercial office districts with excellent public infrastructure.

Office Configuration – No risk/dependency created by office locations to production systems located in

Microsoft Azure data centres. Employees require a laptop, access to an internet connection and secure access

credentials to carry out their function. Redundant ISP configuration deployed with UPS for internet access.

Adverse events impacting office availability are mitigated as employees can operate from other designated

BCP locations.

4.13.8 Risk mitigation - Customers communications

Customers contact Customer Support Operations through the Customer Support portal, email or telephone.

Risks to each of these have been reduced and mitigated by hosting each of these services with leading service

providers.

Customer Support Portal: [email protected], which allows customers to log issues/help requests, is a highly

available cloud hosted service accessed over the internet using a web browser. There is no dependency on

any office location.

Email and document management: managed in a highly available Microsoft Office365 cloud service accessible

over the internet using a web browser. There is no dependency on any office location.

Voice Communications: managed through hosted VOIP service providers. Multiple voice and video

communication alternatives are used including Microsoft Meetings, Microsoft Skype for Business and Mobiles.

There is no dependency on any office location.

5 Workware SaaS Suite - Service Management

5.1 Service Desk Contact Information

ActiveOps operates a full-service Helpdesk staffed in two geographical locations, Reading (UK) and Adelaide

(Australia), supported by other regional locations. Clients are assigned to their nominated support centre.

Method | Contact Information | Hours of Coverage
Email | [email protected] | Log requests 24x7x365. Response during Client’s nominated Helpdesk hours.
Web portal | https://support.activeops.com | Log requests 24x7x365. Response during Client’s nominated Helpdesk hours.
Help Desk - UK | +44 (0) 118 907 5075; +27 (0) 11 447 1073 (from South Africa) | 08:00 - 18:00 GMT (Monday to Friday) excluding UK national holidays¹
Help Desk - Australia | 1300 705 355; +61 8 707 00520 (from outside Australia) | 08:00 - 18:00 ACDT (Monday to Friday) excluding Australian national holidays¹

¹ ActiveOps operates a 24x7x365 out-of-hours support for S1 and S2 incidents. Clients can reach a member of the Customer Services Team by calling the client’s nominated support centre phone number.

5.2 Service Management

5.2.1 Service Availability

Event | Service Availability Target | RTO² | RPO³
Fail-over incident declared in Primary Data Centre. Recover service in Primary Data Centre. | 99.8%¹ | 4 Hours | < 1 minute
Disaster Recovery declared in Primary Data Centre. Recover service in Secondary Data Centre | | 12 hours | < 15 minutes

¹ ActiveOps has a global Service Availability target of 99.8% uptime on a 24x7x365 service, exclusive of planned and emergency maintenance. Service Availability is measured over a Quarterly basis.

² Recovery Time Objective (RTO) – the maximum targeted time a client can expect before service is restored following a major incident.

³ Recovery Point Objective (RPO) – the maximum target time for which a client can expect to lose data in the event of major incident.

5.2.2 Planned and emergency maintenance

• Whilst ActiveOps provides a fully resilient SaaS architecture, application upgrades will require service

to be unavailable for the duration of the procedure. An application upgrade will be undertaken

wherever possible within a planned and agreed downtime window.

• Notice of planned downtime is given as early as possible, with a minimum of five days provided.

• Where emergency maintenance is necessary which will cause the service to be unavailable

notification will be supplied as early as possible.

5.3 Incident Management

5.3.1 Severity Definitions

Severity | Definition | Acknowledge (Hours) | Workaround (Hours) | Fix (Business Days) | Support Availability: Business Hours | Support Availability: Non-Business Hours
S1 | Major Impact. Loss of service or performance over a sustained period is such that the tool is rendered unusable. No workaround available. | 1 | 12 | 30 | ✓ | ✓
S2 | High Impact or critical. Majority of users are unable to use some aspects of functionality. A workaround may be available although performance may be degraded or functionality limited. | 1 | 48 | 45 | ✓ | ✓
S3 | Medium Impact or non-critical. Any defect where a workaround is available. | 24 | Reasonable and agreed between parties | Reasonable and agreed between parties | |
S4 | Low Impact or Change Request. Non-functional defects that do not prevent use of the tool. Also, Service or Change requests. | 48 | Reasonable and agreed between parties | Reasonable and agreed between parties | |

An issue shall be considered resolved for the purposes of SLA compliance and monitoring when a fix is made available to

the client by ActiveOps. Where the client opts to delay the implementation of a release containing a fix resulting in

symptoms continuing beyond the resolution times noted above, the SLA shall nonetheless be considered fulfilled.

5.3.2 Methods of Communication

The following methods of communication are available to alert ActiveOps of an incident:

• Phone call to client’s nominated support centre

• Client’s nominated support centre email address

• ActiveOps recommends Severity 1 & Severity 2 incidents should always be reported by means of a

phone call rather than email.

5.3.3 Ticketing management portal

All issues and incidents raised with ActiveOps are tracked with a ticket reference number and managed in the

customer services ticket management portal which is accessible by customers who can review and track status

of their tickets.

5.3.4 Escalation

In the event that escalation of an incident is required, a call should be placed with the nominated client’s

escalation contact.

5.4 Change Management

ActiveOps operates a strict Change Management policy across its production environment, which includes all

client production environments. Changes within this environment are formally submitted, reviewed and

involve a gated process before any change can be implemented.

All software and hardware changes go through a change request process to initiate any changes to production

systems. Change requests must be approved by the Change Advisory Board (CAB) and must successfully exit

the UAT test process. Production software will have completed a normal development and packaging release

cycle, be independently installed and tested in a User Acceptance Test (UAT) environment (which is based on a

production environment configuration) and finally deployed to Production where its first customer is

ActiveOps.

Microsoft Windows Operating system patching follows a similar UAT testing process prior to deployment on

the Production systems. Significant deployment of new hardware (such as addition of a new data centre or

changes in an existing data centre) will go through a UAT testing plan and process prior to deployment in

Production and use by customers.

5.5 Workware Support Exclusions

• Client configurations which do not conform to the recommended Client Endpoint Requirements for

running Workware

• Client environments utilising a version of the Workware application greater than 24 months or over

two major releases old

• Any scripts, application, spreadsheet or 3rd party tools created by the client to extract, input or

manipulate Workware data

• Performance or accessibility issues generated by the client’s infrastructure

• Unsupported web browser compatibility and/or configuration issues

• Issues caused as a result of client’s policies to web pop-ups, JavaScript or use of 3rd party plug-ins

• Workware data corruptions or availability caused by a security violation at the client’s site

• Workware data corruptions or availability generated by users with inadequate Workware training

• Any untested assistive technologies.

Where this document has been classified as ‘Protected’, ‘Confidential’ or ‘Restricted’, the information contained

within it is confidential and should be treated as such. This document is uncontrolled if printed.

This document constitutes the intellectual and proprietary property of ActiveOps and is protected by intellectual

property laws and international intellectual property treaties.

While the author has made every effort to provide accurate information at the time this document was

produced, neither ActiveOps nor the author assumes any responsibility for errors or changes that occur after

production (unless explicitly contractually agreed between ActiveOps and the recipient of this document).

©2018 ActiveOps Limited.

One Valpy, 20 Valpy Street, Reading, RG1 1AR, UK +44 (0) 118 907 5000