Embridge Consulting (UK) Ltd

Proactis Marketplace

Proactis Marketplace enables your organisation to implement defined, guided buying practices for employees. Proactis Marketplace includes the tools required to manage both suppliers’ and in-house catalogues, provide access to authorised supplier websites, and utilise external marketplaces, all while ensuring the buying process is still controlled within your existing P2P solution.

Features

• Cloud-based solution with web browser access
• Use negotiated supplier catalogues to control content visibility.
• Drive best-practise purchasing through preferred suppliers.
• Compare products to always ensure the best-value.
• Punch-out to supplier's eCommerce websites for browsing and purchasing.
• Automatically track common items and make available for quick purchase.
• Manage and approve supplier catalogues before publishing them to users.
• Promote supplier self-service for catalogue uploads and amendments.
• Send orders direct from the Marketplace and accept e-Invoices back.
• Streamline RFQ processes for buying non-standard products/services.

Benefits

• Greater buyer adoption of your organisation’s purchasing process.
• Increased savings from greater on-contract spend.
• Decreased maverick buying of unnecessary or unauthorised goods and services.
• Increased value and savings from better buyer purchase decisions.
• Higher levels of control and spend visibility within categories.
• Reduced administrative cost within Procurement.
• Maximise investment in existing purchasing platforms through seamless integration.
• More value-added time freed up for buyers.

£17,995.00 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@embridgeconsulting.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

132057464055293

Contact

Emma O'Brien
01474555505
enquiries@embridgeconsulting.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Proactis Sourcing, Proactis Supplier Management, Proactis Purchase to Pay (P2P), Proactis Accounts Payable Automation, Proactis Contract Management.
• Cloud deployment model: Private cloud
• Service constraints: None.
• System requirements: All services are browser based using latest version of browsers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: For system related incident reporting/resolution, users raise a technical support ticket via the Proactis Support System at https://proactisservicedesk.com or email servicesdesk@proactisservicedesk.com at any time. The Support System is available 24/7/365, though tickets are only actioned during Helpdesk support hours (9:00am-5:30pm Monday to Friday (EU/UK/EST time) excluding Bank Holidays). Tickets raised are managed in accordance with ticket priority levels/severity, linked to SLA's for response and resolution times as contained within the Proactis standard contract. The system is automatically monitored around the clock and issues escalated to relevant teams/individuals for investigation and remediation
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Access to support and maintenance services is provided as part of the annual subscription fees. For all system related incident reporting and resolution, using secure, unique login details, users simply need to raise a technical support ticket in the first instance using the online Proactis Support System at https://proactisservicedesk.com. An Issue Resolution process with associated SLAs would then be followed. All service desk personnel are technical engineers equipped to deal with technical issues. The Customer Support Helpdesk is available to provide support on system issues, i.e., errors seen in the system and/or if core functionality is not working as intended. They will also be the first point of contact if you wish to raise a change/enhancement to the solution. The Helpdesk operates from 9:00am until 5:30pm Monday to Friday (EU/UK/EST time) excluding Bank Holidays. An Account Manager becomes the first point of contact for all commercial, contract and day to day matters that are typically ‘non-support’ orientated once the solution is live.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Proactis provides onsite training and/or online training (via Teams). Proactis approaches training based on a ‘Train the Trainer’ methodology, the benefit of which is ensuring a thorough understanding of the solution resides within the Customer's organisation. ; ; Proactis will provide training on the use of the system to the intended ‘Trainer’s’ of the end users, i.e., the System Administrator. Training is delivered on a standard training environment, and additionally, before entering UAT, the project team steps through the configuration with the Consultant on their environment. The aim is to ensure System Administrators have the skillset and tools to make the best use of the functionality, so they can then be self-sufficient in disseminating the training information to the end users. ; ; Proactis also adopts a knowledge transfer approach, ensuring the project team users are hands on with the application throughout the project by being involved in the configuration, build and testing, thereby ensuring self-sufficiency post project.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Word
• End-of-contract data extraction: Proactis provides an off-boarding process to provision complete copies of the Customer's data, normally in SQL backup format but other formats can be agreed.
• End-of-contract process: Within 14 days of termination Proactis will provide the Customer, in encrypted format, a full copy of their data in SQL format (other formats are available at additional costs). This is performed once, FOC, as part of standard off-boarding processes.; ; Any additional works required, e.g. extract of documents from data, querying or additional extracts of specific data are additionally charged based on requirements. ; ; Once data has been successfully transferred, Proactis will either destroy any data still in its possession, or anonymise if system integrity is affected by deletion.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The Service Interface allows users (Administrators, Buyers and Suppliers) to access the application via a GUI. Administrators can configure, manage and monitor all aspects of the system relating to their organisation. Buyers can create, modify and view basket, orders, receipts, invoices and all data relating to their purchasing activities. Suppliers can receive and respond to order and invoices relating to their organisation.
• Accessibility standards: None or don’t know
• Description of accessibility: Proactis supports the requirement to make service functionality equally accessible for everyone. Proactis Research and Development (R&D) has invested significantly in developing solutions to materially comply with the WCAG 2.0 guidelines, and continues its approach in respective functional areas to further develop functionality to comply with components of WCAG 2.1. You can find the Proactis Accessibility Statements on our website at https://www.proactis.com/uk/policies/product-accessibility/
• Accessibility testing: Proactis has tested using these technologies ourselves without involving third parties.
• API: Yes
• What users can and can't do using the API: Proactis solutions make use of various APIs for different operational purposes, including information and data management as well as integration into third-party line of business systems.; ; Across the solution set, SOAP and RESTful APIs are used and fully documented. Proactis will make use of these APIs as part of any implementation, although customers will be able to consume them themselves for use in additional integrations etc.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Whilst Proactis solutions are customisable, in general, the preferred mechanism to meeting an organisation’s solution requirements would be to address these through configuration in the first instance, and only look to customise beyond the out of the box functionality where this would be the only way to deliver an optimal solution.; ; The level of configuration available in the Proactis platform ensures that Customers can build both their current 'as-is' processes, as well as their future 'to-be' processes. This can be done by the Customer themselves, Proactis Consultants or any other suitable third-party.

Scaling

• Independence of resources: Proactis operates a completely elastic hosted environment with enterprise level monitoring behind which allows instant ballooning of resources and real-time and historic usage metrics for accurate requirement provisioning.

Analytics

• Service usage metrics: Yes
• Metrics types: These are configurable depending on the customer requirements.
• Reporting types: Regular reports

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Supplier Management, AP Automation, Marketplace, P2P, Contract Management, Sourcing

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Access to the hosted environment is only by approved Proactis personnel commensurate to their requirement in order to provision the service. All data is encrypted at rest within ISO27001 certified data centres. This is implemented via hardware assisted heads on the storage arrays and is applied to all datastores. All data is held on a secure back end network and securables (e.g. passwords etc) are 1 way salt encrypted. The data encryption Algorithm used is AES-256-XTS.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: All our solutions come with advanced reporting tools allowing the customer to extract the data they require in the format they require it in.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • RTF
  • HTML
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • EDI
  • XML

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Availability of the Hosted Services, excluding scheduled downtime, shall be 99.95% during Working Hours; and 99.9% at all other times. Service Credits are payable on any failure of service that does not meet expect SLA’s. Please see Maintenance and Support Services Terms attached.
• Approach to resilience: Proactis operates its systems under no single point of failure. Additionally, warm DR systems operate in a separate data-centre, meaning live systems can be brought back with a 6hour RTO and 30minute RPO.
• Outage reporting: Proactis will notify any Customers affected should an outage occur by contacting the Customer's nominated representatives.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Support channels can only be used by recognised and registered personnel. Management interfaces, and access to them, are fully controlled by the customer who can assign roles and responsibilities as required.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus Isoquar
• ISO/IEC 27001 accreditation date: Last Audited November 15, 2021
• What the ISO/IEC 27001 doesn’t cover: Nil
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISAE 3402 Type 1
  • Registered as a Data Controller with ICO. Registration number: Z1093431
  • Organisational & technical controls in place ensure GDPR compliance.

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISAE 3402 Type 1; Cyber Essentials and Cyber Essentials Plus; Registered as a Data Controller with the Information Commissioner’s Office (ICO). Registration number: Z1093431; Organisational and technical controls are in place to ensure GDPR compliance.
• Information security policies and processes: Proactis is certificated to ISO 27001 and has a comprehensive suite of IS policies which are reviewed and updated each year internally by the Compliance and Quality Manager along with the IT Availability Services Director who has overall responsibility for leading Proactis’ Information Security function. External audits of the system and processes are undertaken by Alcumus Isoqar, a UKAS accredited auditor on an annual basis.; ; Security governance forms part of our certification. All new starters are required to read and confirm adherence to all policies and procedures, and at least annually all staff members must sign to state they have read and understood the IS policies and any updates during the period. Any failure is reported at Board level. ; ; As part of the externally-audited standards, Proactis has a dedicated, independent, Compliance Team, headed by the Compliance Manager, who is also the Proactis Data Protection Officer. The team reports directly to the Proactis Board. The Compliance Team is also supported by key personnel within the ITAS function (IT Availability Services).

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All source code is tracked through life using industry standard source control, which logs all changes made and impacts. Additionally, all changes made to our hosted environments follow a full electronic change control process. Both are audited as part of our ISO27001 accreditations.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Risk assessments are carried out at least annually by ITAS and Compliance. The infrastructure undergoes separate penetration tests conducted by an independent third party, with any outputs being assigned to a remediation plan. We use a variety of sources to recognise potential threats. Internal and external vulnerability scans of our environments for known threats are undertaken using industry-leading software, with reports compiled and reviewed on a monthly basis. Additionally, any code fix issues can be patched and deployed within 24 hours depending on the severity of the issue.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Through our ISO/ISAE requirements, we have specific processes and procedures in place to actively monitor and react to any potential compromises, as does our Service Provider. This process includes Board Level notification of any such suspected breaches. If such a compromise is discovered then an immediate impact assessment is performed and necessary actions taken based on this review. Normally we would inform any customers affected as soon as is practical, except for where criminal investigations must take place, in which case notifications would be done as soon as authorised by relevant authorities.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: The Proactis documented Incident Management process is audited through our ISO/ISAE accreditations. There is scope designed within the process to allow for RCAs, forensic analysis and so forth, based on the type and severity of incident.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  In accordance with the current formulation of the Proactis Environmental, Social and Governance processes, Proactis has outlined a commitment to comply with relevant legislation and to continually act to minimise the environmental impact of our business. Specific environmental objectives include to adopt responsible fuel and energy management practices to reduce energy consumption, and to take measures to reduce waste at source and recycle where possible. We aim to pursue best practise green procurement, assessing sustainability, Corporate Social Responsibility (CSR) and, wherever possible and in accordance with our procurement criteria, adopt an increasingly localised supply chain. Proactis has made a commitment to be Net Zero mid-to late 2020s and is in the process of documenting a formal ESG (Environmental, Social and Governance) strategy across the business, which will include formal targets and metrics across all 3 areas. This is championed by the Chief Financial Officer (CFO), who is the Board representative for Compliance and Governance. A Proactis Electric Vehicles Scheme is in place in the UK, with a number of employees already taking advantage of the initiative. Offering such a scheme highlights our dedication to our core values in support of Our Planet approach - to make decisions and policies that protect our planet.
• Covid-19 recovery:

  Covid-19 recovery

  As Covid-19 brought rise to the need to work from home, organisations recognised the need to adapt previously manual processes so people could work remotely. This need sparked a more urgent drive for digital transformation. ; ; The whole ethos of Proactis solutions is to automate Source to Pay processes, moving away from admin-heavy, manually intensive processes, while reducing the risk of human error. By making information transparent and easily and securely accessible online, stakeholders can access and collaborate on projects without needing to be in the office. ; ; This became more important during the pandemic and Proactis Customers in Public, Private and Not for Profit sector organisations were able to reap the benefits of the systems they had in place, as referenced by a Proactis Customer in the Education sector:; ; “Overall, the obvious, and most relevant benefit in the midst of the COVID-19 situation is that we can access everything, in the same place, from anywhere. The Proactis solutions have been hugely helpful. We moved off site very quickly, but we were able to do this with confidence that none of our processes would suffer as a result. Supplier and Contract Management, eProcurement and now all invoicing processes are digital.“; ; Other Proactis customers also adopted additional modules that would support their digital transformation journey, which in turn helped to strengthen their business operations and increase agility during challenging times. This included adopting Proactis Supplier Management which, along with Contract Management and Sourcing modules, has helped to provide greater visibility and understanding of the supply chain to assist buyers in strengthening relationships with suppliers, reducing risk and enhancing overall compliance.; ; Within Proactis, processes have been put in place to support Covid-19 recovery including effective social distancing, remote working, safe return to office working, sustainable travel solutions and greater consideration given to local suppliers.
• Tackling economic inequality:

  Tackling economic inequality

  Supply chain compliance is assured as Proactis expects our suppliers to comply with the applicable legislation and regulations we are governed by, including human rights, modern slavery, environment and privacy. Proactis is committed to being an open and transparent organisation and seeks partners and suppliers who share this commitment. ; ; The Proactis solutions, inclusive of Supplier Management and the Proactis Tenders Direct portal, naturally encourage greater engagement and collaboration with suppliers to deliver improved control, accountability, and measurability of the relationships with the buying organisation. Proactis solution ‘bePayd’ is very much aimed at supporting SME’s and helping them get their invoices paid sooner than they otherwise would have, critical in these uncertain times. ; ; Proactis provides assurance to both Customers and Suppliers that it adheres to all necessary standards appropriate to the undertaking of its activities. Certifications held by Proactis include Cyber Essentials Plus, ISO 27001 Information Security Management and ISO 9001 Quality Management.; ; Proactis aims to support a sustainable eco-system within the communities in which it operates. Many employees live locally and Proactis supports a sustainable travel policy for all employees. Support for the local economy is encouraged with sourcing from local suppliers a key consideration in procurement activity where appropriate.; ; In the UK the company supports and actively encourages employee participation in supporting local and national charities including Wetherby & District Foodbank, The Archie Foundation and Save the Children, through activities such as Dragon Boat Challenge, Christmas Jumper Day, Bake Off challenges. In addition, staff are encouraged to give back to the local community, and all are allocated an additional day of leave that is committed as a dedicated volunteering day.
• Equal opportunity:

  Equal opportunity

  Proactis promotes a working environment in which diversity is recognised, valued and encouraged. We acknowledge the multi-cultural and diverse nature of the UK workforce and society in general, and are committed to principles of fairness and mutual respect where everyone accepts the concept of individual responsibility. ; ; Proactis recognises that discrimination in the workplace in any form is unacceptable and, in most cases, unlawful. Company policy seeks to ensure that all job applicants, contractors and employees are treated fairly and without favour or prejudice. We are committed to applying this throughout all areas of employment. This includes recruitment and selection, training and development, benefits, rewards and promotion, dealing with grievances and disciplinary issues. ; ; The Proactis Equal Opportunities and Diversity policy complies with current legislation. We review it regularly and update it if the law changes. However, we recognise that equality of opportunity is best achieved by day to day commitment throughout the organisation. We offer support and training where necessary to achieve and maintain this. ; ; As a software company, Proactis does not have an extensive range of local or international suppliers where modern slavery or human trafficking would generally be a material risk. Regardless, Proactis is committed to acting ethically and with integrity in all our business relationships. Proactis has implemented improvements to internal systems and controls and how we engage with our supplier base to ensure that they will be compliant with the Act, to ensure slavery and human trafficking does not take place anywhere in our business or supply chains.
• Wellbeing:

  Wellbeing

  Proactis recognises that by providing a safe, stimulating working environment and encouraging staff to achieve their maximum potential, this will reflect in the culture of our organisation, the solutions we deliver and the relationships we have with customers. Listening to and obtaining regular feedback from staff is as important as listening to our customers.; ; Backed by a commitment from the Executive team to continually improve, Proactis undertakes annual employee engagement surveys. Following positive action taken, results show year on year improvements in engagement and positivity, with a >30 Net Promoter Score achieved earlier than the original target. ; ; Ensuring and maintaining the Mental Health of our employees is high on our agenda. In support of this a number of staff have completed a Mental Health First Aider course, so that they are able to identify others in need and offer support in relation to where they can get help. The MHFA team also undertakes projects to actively encourage all our people to be aware of the importance of their mental health by presenting lunch & learn sessions, communicating team activities via the ‘OneVoice’ employee newsletter, and providing monthly updates from MHFA England and MHFA Scotland. ; ; Internal communication channels have been established to encourage staff development and knowledge sharing. These include regular line manager catch-ups and Team meetings, lunch & learn sessions and companywide training sessions. In turn, these encourage sharing ideas that feed into the development of solutions for customers. ; ; Flexible and home working is supported, standardised performance appraisals are undertaken and include a values-based review with a reward and recognition programme in place. In addition, staff are encouraged to give back to the local community, and all are allocated an additional day of leave that is committed as a dedicated volunteering day.

Pricing

• Price: £17,995.00 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@embridgeconsulting.com. Tell them what format you need. It will help if you say what assistive technology you use.