I would need to answer some questions of technical nature, related to computer security, from one of my potential clients. I leave the answers that we have prepared so far. Before sending the e-mail I ask for someone to help me to validate / complete / correct them).
Related to Traceability:
How is controlled the release into production process?
UIPath is aligned with production methods and SDLC (Software Development Life Cycle). It works with SVN, which allows you to manage a deployment policy.
For licenses in back mode, with Orchestrator:
Is there traceability regarding the access to the application, and in the creation and execution of tasks? What is the scope of this traceability?
At Orchestrator level there is traceability. And at the level of each Robot, there is also traceability, as we have already explained.
Are there roles, (administrator, auditor, task manager, etc.)?
Yes, there are roles. But it is necessary to verify if they match the roles you indicated in your question.
For licenses in back mode, without Orchestrator:
How is performed the release into production?, Who does it and where are stored the traces of the creation and execution of tasks?
As indicated, you can use SVN, so you can use development, test, pre and production branches. On the other hand the authorized person can release directly. (We need to answer also where are stored the traces)
Thank you all for your help!