# Blue Prism POC (BINC) – Working Plan (IT-only)

Last updated: 2026-02-05 00:56 ET

## 1) Objective
Validate feasibility and value of a **non-production** Blue Prism POC led by **Arvato Connect**, with **Arvato Systems** providing the managed server footprint.

## 2) Scope (locked)
- Non-production only
- 1 Blue Prism application server
- 1 SQL server
- 2 client endpoints total (runtime robot + monitoring/control), treated as lab machines
- UI automation only. No API integrations. No direct DB access to business systems.
- Fictitious users for testing
- MFA required

## 3) Stakeholders (current)
- BINC IT lead: Adner
- Arvato Systems (hosting / infra / managed services): Dominik Schmidt (cc: Angelika Walther)
- Arvato Connect (application ownership): Claire (confirm full name)
- Internal approver for cost: Maysa Dahdouli (decision thread)

## 4) Current feasibility position (latest)
Dominik indicates the model works with these boundaries.
- Clients access servers via VPN, Cloud Connect, or Bastion
- **Only the 2 servers are managed by Arvato Systems**
- Endpoints are **self-hosted**. Compliance responsibility sits with BINC
- Policy constraint: access to Windows servers and SQL is only possible from **BGROUP-managed** client devices
- Plan: dedicate **two BGROUP-managed physical endpoints** as POC lab machines. BINC owns compliance

## 5) Cost position (order of magnitude)
From Arvato Systems.
- One-time setup: ~€1,700
- Monthly managed services: ~€1,200
- Estimated Azure consumption: ~€800
- Planning run rate: ~€2,000 per month (plus one-time setup)
- USD rough equivalent (for internal awareness only; FX varies): ~$1.9k one-time, ~$2.2k monthly

## 6) Key risk: Identity and technical accounts (do not repeat BincBluestar churn)
Known failure mode.
- Password policy conflicts and lockouts
- Unclear reset ownership and SLA
- Bastion access failures

Mitigation requirement before build.
- Define: technical account ownership, reset process, rotation process, and where credentials are stored
- Run a connectivity and access test (endpoints -> bastion/vpn -> servers -> SQL) before Blue Prism work begins

## 7) Gating decisions (must close)
### Gate A: Client model acceptance (Arvato Systems)
- Confirm BGROUP-managed physical endpoints are acceptable for “self-hosted client” model

### Gate B: Identity model and counts (Arvato Connect + Arvato Systems)
- Arvato Connect confirms how many access identities are needed
- BINC creates corresponding standard BGROUP users
- Arvato Systems creates technical accounts mapped to those users and grants rights

### Gate C: Cost approval (BINC)
- Maysa decides whether to proceed on the cost basis and whether additional stakeholders must be informed

## 8) Milestones (draft)
1. Written confirmation from Dominik on client model + lead time
2. Arvato Connect provides minimum access identities and endpoint requirements
3. Internal cost approval obtained
4. User provisioning initiated (BINC standard users + Arvato Systems technical accounts)
5. Servers provisioned (app + SQL) and connectivity enabled
6. Access test completed end-to-end (incl. MFA assumptions)
7. Arvato Connect begins Blue Prism install/config
8. POC execution window (define start/end)
9. POC readout: value, risks, recommendation

## 9) Open items (current)
- Dominik: confirm BGROUP-managed lab endpoints acceptable for self-hosted model and provide lead time
- Claire (Arvato Connect): confirm
  - number of individuals needing access, and access level
  - number of technical accounts needed for server + SQL access
  - any unattended robot requirements
  - endpoint requirements (Windows version, local admin, screen lock, MFA expectations)
- Maysa: approve cost basis or advise escalation path

## 10) Next action (tomorrow)
- Send cost decision note to Maysa (if not already sent)
- Follow up with Dominik for confirmation + lead time
- Follow up with Claire for identity counts and endpoint requirements