Indigo& Limited

IAND, the integrated SRM platform to drive high performing relationships at scale

IAND tackles the challenges of fragmented systems & increasing complexity of supplier management. The platform connects data & systems to give a single place to explore & have intelligence on your suppliers. Integrated collaboration features automate account management, helping you build high performing, innovative and resilient supply chains at scale.


  • Automated insights reporting on supplier KPIs: risk, performance, innovation
  • Social value reporting: SME spend, carbon, diversity & payment days
  • Searchable supplier directory (map & list based) and category management
  • Supplier onboarding, document and compliance management
  • Manage bids, mini tenders and multi stage opportunities
  • Manage framework delivery incl. supplier communications
  • Project controls and contract management (including deliverables)
  • Integrated 360 degree performance feedback supports ISO44001
  • Integrated email notifications and risk alerts
  • Dedicated support site with guides & resources


  • Connects systems: tackling fragmentation & delivering rapid supplier intelligence
  • Full visibility on supplier relationships from risk to ESG
  • Simple to use: intuitive platform drives adoption, SME friendly
  • Transparency - one place to manage your full supplier relationships
  • Automation - removes admin, saves time, integrated audit trail
  • Productivity - workflow automation delivers 10x ROI
  • Controls - integrated compliance, cost and risk controls
  • Innovation - see innovation capacity & track adoption
  • Cloud - plug & play, works on all devices OOTB
  • Integrator - collaborative ecosystem management for joint ventures & alliances


£475.00 an instance a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

1 5 1 1 4 7 7 4 5 8 9 6 8 7 2


Indigo& Limited Elspeth Finch MBE FREng
Telephone: 02038860866

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
The IAND platform is an extension to your finance and procurement systems, providing an integrator to connect multiple systems together; creating a consolidated view of each of your suppliers across buying, spend, risk, performance and social value.
Cloud deployment model
Public cloud
Service constraints
System requirements
  • Modern web-browser
  • Internet access

User support

Email or online ticketing support
Email or online ticketing
Support response times
We aim to respond as soon as possible.
Email support is open 9am - 5:30pm on weekdays.
It is closed on weekends and bank holidays.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
Onsite support
Yes, at extra cost
Support levels
Included within all service packages we provide the following:
Online self-serve support/knowledge base 24 hours;
Telephone support between 09:00 and 17:30;
E-mail support between 09:00 and 17:30;
Chat support between 09:00 and 17:30;
All support issues are dealt with by our in-house team. Priority tickets have an SLA of 6 hours vs. the standard SLA of 24 hours.

Additional support service hours are available on request. Core and Custom Portfolios have a dedicated Account Manager.
Support available to third parties

Onboarding and offboarding

Getting started
There is a rich set of training resources available on the IAND Academy providing documentation and training guides.

When client organisations start using the service they are assigned an account manager who will set up the organisation account on IAND and provide training, via a webinar, to key users. The platform is designed to be intuitive and easy to use and most users require no training. We do however encourage users to attend one of our regular open training webinars so that they can get the most value from their use of the platform.

Tailored webinars and on-site support are additional services priced at SFIA day rates.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
At the end of a contract or should a client decide to discontinue using the platform, we will export their data within 30 days on receipt of their request. We offer a .csv file to support importing to other systems.

The Account Manager would work with the client to define their requirements during this period and ensure they are satisfied with the data they receive.
End-of-contract process
The return of data at the end of the contract through the process described is included in the original cost of the contract.

Should data be required in a format other than CSV there may be an additional cost to cover the time required to convert the data to the new format.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The user interface is reactive to screen size to optimise the experience regardless of device. All features are available on mobile, tablet and desktop.
Service interface
User support accessibility
None or don’t know
Description of service interface
The IAND platform has a responsive web interface allowing access to the platform from multiple devices and screen resolutions. This allows operations including; managing users and permissions, data and integrations, actions, reporting and document management.
Accessibility standards
None or don’t know
Description of accessibility
IAND is committed to meeting accessibility guidelines and ensuring that the platform is usable for individuals with disabilities.
Accessibility testing
Testing has been undertaken to confirm that the core functionality of the platform can be accessed and used by those with with visual impairments.
What users can and can't do using the API
The IAND platform has integrated APIs to provide data enrichment including companies house and the IAND ESG API. The platform can be set up either through importing standard finance reports, or bespoke APIs to connect to your finance & procurement systems and data to your reporting packages (e.g. Power BI).
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
There is a management suite for super users to configure the IAND platform including: user roles and permission levels; custom 360 degree performance surveys; defining sectors and services; compliance approval levels, guides and document standards; de-duplication of supplier records across systems; and personalisation of the home page, names, links and settings.

There are wider features that can be configured for an individual instance / portfolio by the IAND team including: custom automations to trigger actions to rules; reporting including notifications; and exclusion rules for data management across multiple sources including auto-merge of duplicate records.


Independence of resources
We have developed the IAND platform to be fully scaleable. It is hosted on AWS servers and we are able to lease additional server capacity as it required in order that users are not affected by platform activity.


Service usage metrics
Metrics types
We provide metrics relating to the following activities: user numbers and permission levels; logins and active user stats; open actions and completion status; uptime. In addition we track support SLAs.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
There is a reporting suite that enables super users to download reports at any time in .csv format. In addition should a user require an export of their data they can request this through the support desk who will schedule the request as part of our standard support SLA.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
We aim for and have achieved in excess of 99.99% availability with the exception of pre-planned and notified maintenance over the past 12 months.
Should the level of availability fall below 98% and impact on a customer's ability to manage their suppliers they are able to request a refund of up to 100% of their monthly fee for affected users.
Approach to resilience
IAND's physical infrastructure is hosted and managed within Amazon’s secure data centres and utilise the Amazon Web Service (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data centre operations have been accredited under ISO27001, 27017, and 27018.

We have procedures in place to cope with outages of any elements of our system. We are notified of vulnerabilities through both internal and external assessments and apply appropriate patches and security fixes.

We maintain redundancy to prevent single points of failure including the use of multiple data centres from which we can restore the platform in the event of an outage.

Should a buyer require additional information on the resilience of the service then it is available on request.
Outage reporting
Scheduled platform maintenance is carried out outside of normal office hours. Where this occurs an e-mail alert is sent to all users that may be affected.

In the event that there is an unscheduled service outage an e-mail is sent to all users giving information relating to the nature of the outage and the anticipated time to resolve the issue. It should be noted that to date we have not experienced an unscheduled service outage.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Management interfaces and support channels are only available to specific users in the client organisations and to members of the IAND team. First-line support have view and limited edit capability. Any edit carried out by first-line support is logged and time-stamped.
The technical team carrying out second-line support are the only people who can cancel activities on the IAND platform.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Access to systems is restricted to individuals with prior experience in building secure services. We monitor NCSC Security Guidance to ensure we always follow security best practices.
Information security policies and processes
We have an internal security policy that covers all staff computer usage, based on industry best practices. We use tooling to encourage best practices, and internal audits to ensure that policies are followed.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All changes are managed through source code control. Every change must pass automated security checking (e.g., checking for known vulnerabilities) before it is accepted. All changes are peer reviewed before being accepted, which includes manual checks for potential security impact.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We use a combination of automated vulnerability testing tools and monitoring of industry standard guidance (e.g., CVE lists) to identify potential threats. Any emerging threats block development work and must be resolved as a matter of urgency.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
All events on the service are auditied. Automated triggers identify suspicious activity. Manual checks of user behaviour identify suspicious behaviour.
Incident management type
Supplier-defined controls
Incident management approach
Incidents are reported via our usual support channels. Incident reports are circulated internally and to any affected users.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

IAND has integrated data capture and reporting on supply chain carbon emissions (scope 1 &2) as part of our ESG module which is included in all packages. This enables the standardisation of data collection and reporting on carbon over time, including intensity metrics.
Covid-19 recovery

Covid-19 recovery

IAND support building a resilient and diverse supply chain, including automating the collection of key data including supplier size and location providing client organisations with immediate insights on their supply chain resilience and SME capacity for each region across the UK.
Tackling economic inequality

Tackling economic inequality

The IAND ESG module includes detailed metrics on suppliers, leveraging public data where possible to minimise the cost for the collection & reporting of supply chain economic data while providing robust metrics.
Equal opportunity

Equal opportunity

IAND support building a resilient and diverse supply chain, including automating the collection of key data including gender diversity data, company size, location and type. Helping client organisations analyse their supply chain capacity and identify areas for improvement.


£475.00 an instance a month
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.