Savient Limited

Savitrace

A financial analysis tool that saves investigators and related professionals time, cost and complexity.
With an easy-to-use user interface, Savitrace increases investigative accuracy and reduces the time it takes to build legally defensible cases.
It enables accurate and incisive analysis on any financial data, without relying on external specialists.

Features

• Data Ingestion and ETL from paper or PDFs
• Financial analysis tools designed for non technical users
• Provision of financial data insights through graphical prompts
• Labelling of data subgroups
• Easy import and extraction
• Full audit enabled case creation and investigation
• Single sign on integration inc collaboration focused multi-user, role-based security
• Semantic powered comprehensive data searching
• Protection of original data against alteration or destruction
• Snapshot evidence in case data

Benefits

• Time Saving
• Cost Saving
• Increased evidence based legal defensibility
• Empowering Investigators
• Enhanced collaboration
• Currency and Language conversions, allowing single language case data
• Single, immutable, audited view of data
• Reduce data risk
• Reduce complexity and limitations of document focused solutions
• Reduce errors in investigation

£1,000 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at matthew.salter@savient.uk.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

128864819061257

Contact

Matthew Salter
01174624796
matthew.salter@savient.uk.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Digitised Financial Data, such as Bank Statements, Company Accounts, ERP Extracts, Credit Card Statements,
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: The service is provided 24/7, 365, is cloud deployed, with upgrades and maintenance scheduled outside of core operating hours.; Core Support hours are Monday - Friday 08:00 - 18:00, with out of hours support provided for high priority incidents.
• System requirements:
  • Internet enabled PC
  • Compliant Browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Priority 1 - Auto response; Priority 2 - 3 hours; Priority 3 - 5 working days; Priority 4 - 7 working days; Priority 1 support only at weekends
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Savitrace has the following support levels as part of its core contractual offering and included in the base charges:; Priority 1 - Auto response; Priority 2 - 3 hours; Priority 3 - 5 working days; Priority 4 - 7 working days; Priority 1 support only at weekends; All customers will have an account manager who will support case management and provide monthly usage reports and act as point of contact for escalations.; Our support desk is operated on rota by our Engineering team.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The Savitrace QuickStart programme is designed to ensure you are gaining benefits from the solution within 4 weeks. It focuses on establishing a dataset for your first investigation and providing all your team with the skills needed to maximise the power of the product. By week two you should have data from at least one investigation in the system with your team starting to process it, and by week 4 you will be wondering how you ever worked without Savitrace. ; ; Timeline; • Week 1 – System overview, configuration discussions, system training, data format training, agree baseline PID (Project Initiation Document); • Week 2 – Instigate data validation and upload cycles; • Week 3 – Guidance on initial processing / investigating; • Week 4 – Progress review, clarification and agreement of next steps, move to on-going support
• Service documentation: Yes
• Documentation formats: Other
• Other documentation formats: On-line, in product
• End-of-contract data extraction: Clients can extract their data through the UI at any stage of the contract.; ; On termination if a full system extract or archive is required this can be provided in CSV format for a capped fee (no more than 10% of annual fees)
• End-of-contract process: Savient will decommission the clients environment within 30 working days of the end of contract, including any archives.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: Yes
• What users can and can't do using the API: Support is provided on API implementation by the Savient team within the on-boarding phase.; APIs are provided for the ingestion and extraction of data including real-time data enrichment.; APIs are as defined and users can choice to utilise all or a subset of the data managed through them.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Clients can customise many parts of the product themselves, or procure time from Savient to do so on their behalf.; Customisation is controlled via RBAC and training is provided as part of on-boarding.

Scaling

• Independence of resources: Savitrace uses a microservice framework, with horizontal auto scaling and load balancing.

Analytics

• Service usage metrics: Yes
• Metrics types: Data ingestion and translation volumes; User counts / access
• Reporting types:
  • API access
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: All data can be extracted on a case by case base in CSV format.; API's are provide for real time integration
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats: Savient Alchemist data capture and QA tool

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: Other
• Other protection within supplier network: Data within the cluster is not currently encrypted; Service Mesh Mutual TLS layer - On Roadmap for late 2024.

Availability and resilience

• Guaranteed availability: System access is 24/7 365, Core system support hours are Monday - Friday 08:00 - 20:00, within which clients should receive 99.9% availability. Extended guaranteed availability is available on request at an incremental cost.
• Approach to resilience: Available on request
• Outage reporting: The ecosystem has a range of monitoring tools and utilises auto service restarts (kubernetes).; Engineers are on call out of hours for P1 issues

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to the application, management interfaces and support channels are restricted via a security gateway at the point of entry. All companies have their own URL that determines which Realm they login to. Each realm has its own set of users or federated identity provider (IdP), such as Microsoft 365.; On successful authentication with the company’s IdP, access is granted to the application, with authorization detail provided through the OpenID Connect (OIDC) protocol.
• Access restriction testing frequency: At least once a year
• Management access authentication: Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Security Plus
• Information security policies and processes: Savient follows our Information Security Policy which is written to be ISO 27001 compliant. The key features of this are utilising RBAC to restrict access to data and functions based upon users job roles. Where practical we also use JIT (Just in Time) for elevated permissions on admin users typically these cover our cloud administration. Devices are governed with a LAPS policy to rotate admin passwords after each use and after a time period. Along side this we maintain disaster recovery processes and procedures. Where possible all policy features are enforced by operating system policies, compliance of devices and users is also monitored centrally by device management. We regularly review user access permissions to ensure that they are appropriate for the users job role, this is reviewed monthly or when an employees role changes.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: As of Jan 2025 all processes will be covered by ISO27001.; This includes but is not limited to:; Release management; Change management, ; Pentest reference; Security and vulnerability monitoring and remediation
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: OWASP is used then we take the approach of:; Next release, unless critical then within 5 days of notification
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Savients environments are monitored by Endpoint protection agents that report into the MS365 Security portal. This provides a single tool to investigate malware, identify accounts that are operating outside of their normal patterns and any configuration risks on our systems. The dashboards are checked daily by the technical director and monitored throughout working hours by our IT supplier. Depending on the severity of the incident we would block a compromised account, quarantine any effected devices, assess what data was accessed, inform the ICO & any affected customers. Our response time is under 1 working day.
• Incident management type: Supplier-defined controls
• Incident management approach: Savient takes a proactive approach to P1 and P2 issues, ensuring remediation and client awareness through the account management reporting channels.; All Major Incidents will have a published MIR within 30 days of remediation that is shared with all effected customers.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • Police National Network (PNN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We are committed to reducing the company’s environmental impact and have made our pledge and joined other businesses on our SME climate commitment journey.; ; We achieved Silver CSR Accreditation in 2021 which links to measurable goals relating to government ESGs and continue to build on our successes leading to achieving International CSR excellence in 2022, being recognised as a CSR World Leader in 2022 and receiving a Silver Green World Award in 2023. ; ; • Passive infrared sensor throughout the offices so lights aren’t left on.; • Rointe app controlled and managed electric consumption heating with eco settings, usage data and remotely control methods.; • Recondited scaffolding beams for our kitchen table and bench from a local supplier.; • We use ‘Who gives a crap’ toilet rolls, kitchen rolls - 100% renewable and sustainable bamboo, plastic free products, 50% of profits donated and biodegradable.; • We use eco- friendly handwash with sea minerals in recyclable bottles.; • We use ‘Smol’ dishwasher tablets which are 100% plastic-free packaging, uses fewer chemicals, reducing carbon, along with the washing up liquid in re-useable bottles which is plant based and biodegradable.; • We use coffee pod recycling.; • Our meeting table, chairs and pedestals purchased are refurbished, recycled, and re-used office furniture.; • Working with local merchandise supplier as well as considering a range of sustainable products like re-usable bottles, recyclable notebook, bamboo pens as well.; • Bamboo and glass kitchen storage containers.; • Re-use, recycle IT equipment to reduce waste and support local charities.; • We offer general recycling in the office to reduce landfill waste.; • We offer our team an electric car scheme and cycle to work scheme and have installed a bike rack at the offices to encourage others to cycle to work and take advantage of the scheme.

  Tackling economic inequality

  Savient brings a team with extensive knowledge and experience of systems, architecture, and security patterns in the customer domain, combining this with technical innovation through our research and development programme in which we work with new and existing technologies to identify and use the best and most appropriate for our own product development and client project work.; Savient offer further value add from our R&D programme, with expertise in the development of scalable data platforms with built in ecosystem of services for rapid development and deployment of business applications, and in forensic accounting applications used in fraud investigation.; Our CSR strategy has provided all members of the Savient team with opportunities to be involved in outreach events where we have supported and encouraged students that reflects the diverse communities we live in from Worcestershire and Gloucestershire.; Our Savient Academy has provided an opportunity for mentorship of employees from different backgrounds with mentors who can help them to develop their careers. It is a great way to build relationships and create a more diverse and inclusive workplace.; Savient was involved in the Empower Cyber event in Gloucestershire in November 2023 at the Sport Oxstalls Sport Park in Gloucester. It was the largest event of its kind with over 1,300 female year 8 students attending from a wide range of local Gloucestershire schools. We continue to build our relationship with CyberFirst Schools, STEM Ambassadors, Worcestershire Local Enterprise Partnership and CyNam in our eco-system.; Teo members of the Savient team are volunteering enterprise advisers who volunteer to work with local schools to provide strategic support and expertise in the business world and careers. As one as one member of the team as a STEM Ambassador and completed over 30 hours of volunteering in the academic year 2023.

  Equal opportunity

  We are committed to providing opportunities for young people to develop their skills and gain experience in the workplace and have a pro-active early careers program.; This year we have employed two level 4 software developer apprentices along with three digital, production and design T-level students from Cirencester College completing their 315-hour industry placement roles focusing on software engineering and developing our outreach workshops.; We are continuing to work with local universities. We are supporting both the University of Gloucestershire and the University of Worcester. ; At the University of Worcester, we are seen as industry expects and attend the annual Computing project showcase for all the final year Computing project students. This year we saw up to 16 unique and creative student projects to be presented, addressing a wide variety of real-world challenges through the application of technology. The event an opportunity for students to demonstrate their employability skills including technical expertise, presentation, and communications skills. ; ; We have a student from the University of Gloucestershire who will be taking a placement year from his computing degree to work with the Savient team. ; In August 2023 three members of the team completed our second Savient Academy. It is a program that provides training and support to junior software developers who are interested in a career in software development. The program is designed to junior software developers to develop their skills and knowledge they need to succeed in the tech industry.; Our Savient Academy is open to students of all ages and backgrounds. There are no formal entry requirements, but students are expected to have a basic understanding of computer science and programming.; We are looking to expand our early careers program in the future, by offering more apprenticeships, graduate schemes and continuing to work with local educational providers.

  Wellbeing

  We have several measures in place to improve the physical and mental well-being of our employees:; ; • Flexible working hours: We offer our employees the flexibility to work the hours that best suit their needs, which can help to reduce stress and improve work-life balance.; • Mental health support: We offer our employees access to a confidential mental health support program, through our employee assistance program which can provide them with support. We raise awareness and share resources during mental health awareness weeks.; • Physical activity: We encourage our employees to be physically active by offering discounts on health eating, gym memberships, days out through our employee assistance program. We provide employees with opportunities to participate in physical activities during work hours for example of keep active week where we actively encourage time away from laptops. We share the monthly Action for Happiness calendars with the team. We promote the cycle to work scheme as a healthy and financial benefit.; • Nutritional support: We offer our employees access to healthy snacks with introducing a fruit bowl in the office and we provide resources and information about nutrition and healthy eating via our SharePoint and employee assistance program.; • Stress management: We share information and resources on stress management through awareness days and weeks, such as mindfulness and meditation.; • Employee assistance program: We offer our employees access to an employee assistance program for all employees, which can provide them with support with a variety of issues, including stress, mental health, family, relationship, and financial problems.; ; We regularly measure the effectiveness of our employee well-being initiatives by surveying our employees about their satisfaction with our programs and their overall well-being. We use this feedback to improve to our programs and to ensure that they are meeting the needs of our employees.

Pricing

• Price: £1,000 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: 2/4 week access to the system, including ingest of trial data, all functionality provide to assessment team, daily stand-ups, completion report linked back to agreed success criteria, provision of business case template.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at matthew.salter@savient.uk.com. Tell them what format you need. It will help if you say what assistive technology you use.