Indigo& Limited

IAND, the integrated SRM platform to drive high performing relationships at scale

IAND tackles the challenges of fragmented systems & increasing complexity of supplier management. The platform connects data & systems to give a single place to explore & have intelligence on your suppliers. Integrated collaboration features automate account management, helping you build high performing, innovative and resilient supply chains at scale.

Features

• Automated insights reporting on supplier KPIs: risk, performance, innovation
• Social value reporting: SME spend, carbon, diversity & payment days
• Searchable supplier directory (map & list based) and category management
• Supplier onboarding, document and compliance management
• Manage bids, mini tenders and multi stage opportunities
• Manage framework delivery incl. supplier communications
• Project controls and contract management (including deliverables)
• Integrated 360 degree performance feedback supports ISO44001
• Integrated email notifications and risk alerts
• Dedicated support site with guides & resources

Benefits

• Connects systems: tackling fragmentation & delivering rapid supplier intelligence
• Full visibility on supplier relationships from risk to ESG
• Simple to use: intuitive platform drives adoption, SME friendly
• Transparency - one place to manage your full supplier relationships
• Automation - removes admin, saves time, integrated audit trail
• Productivity - workflow automation delivers 10x ROI
• Controls - integrated compliance, cost and risk controls
• Innovation - see innovation capacity & track adoption
• Cloud - plug & play, works on all devices OOTB
• Integrator - collaborative ecosystem management for joint ventures & alliances

£475.00 an instance a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@iand.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

151147745896872

Contact

Elspeth Finch MBE FREng
02038860866
sales@iand.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: The IAND platform is an extension to your finance and procurement systems, providing an integrator to connect multiple systems together; creating a consolidated view of each of your suppliers across buying, spend, risk, performance and social value.
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements:
  • Modern web-browser
  • Internet access

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We aim to respond as soon as possible. ; Email support is open 9am - 5:30pm on weekdays.; It is closed on weekends and bank holidays.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: None
• Onsite support: Yes, at extra cost
• Support levels: Included within all service packages we provide the following:; Online self-serve support/knowledge base 24 hours;; Telephone support between 09:00 and 17:30;; E-mail support between 09:00 and 17:30;; Chat support between 09:00 and 17:30;; All support issues are dealt with by our in-house team. Priority tickets have an SLA of 6 hours vs. the standard SLA of 24 hours.; ; Additional support service hours are available on request. Core and Custom Portfolios have a dedicated Account Manager.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: There is a rich set of training resources available on the IAND Academy providing documentation and training guides. ; ; When client organisations start using the service they are assigned an account manager who will set up the organisation account on IAND and provide training, via a webinar, to key users. The platform is designed to be intuitive and easy to use and most users require no training. We do however encourage users to attend one of our regular open training webinars so that they can get the most value from their use of the platform.; ; Tailored webinars and on-site support are additional services priced at SFIA day rates.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: At the end of a contract or should a client decide to discontinue using the platform, we will export their data within 30 days on receipt of their request. We offer a .csv file to support importing to other systems.; ; The Account Manager would work with the client to define their requirements during this period and ensure they are satisfied with the data they receive.
• End-of-contract process: The return of data at the end of the contract through the process described is included in the original cost of the contract.; ; Should data be required in a format other than CSV there may be an additional cost to cover the time required to convert the data to the new format.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The user interface is reactive to screen size to optimise the experience regardless of device. All features are available on mobile, tablet and desktop.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The IAND platform has a responsive web interface allowing access to the platform from multiple devices and screen resolutions. This allows operations including; managing users and permissions, data and integrations, actions, reporting and document management.
• Accessibility standards: None or don’t know
• Description of accessibility: IAND is committed to meeting accessibility guidelines and ensuring that the platform is usable for individuals with disabilities.
• Accessibility testing: Testing has been undertaken to confirm that the core functionality of the platform can be accessed and used by those with with visual impairments.
• API: Yes
• What users can and can't do using the API: The IAND platform has integrated APIs to provide data enrichment including companies house and the IAND ESG API. The platform can be set up either through importing standard finance reports, or bespoke APIs to connect to your finance & procurement systems and data to your reporting packages (e.g. Power BI).
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: There is a management suite for super users to configure the IAND platform including: user roles and permission levels; custom 360 degree performance surveys; defining sectors and services; compliance approval levels, guides and document standards; de-duplication of supplier records across systems; and personalisation of the home page, names, links and settings.; ; There are wider features that can be configured for an individual instance / portfolio by the IAND team including: custom automations to trigger actions to rules; reporting including notifications; and exclusion rules for data management across multiple sources including auto-merge of duplicate records.

Scaling

• Independence of resources: We have developed the IAND platform to be fully scaleable. It is hosted on AWS servers and we are able to lease additional server capacity as it required in order that users are not affected by platform activity.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide metrics relating to the following activities: user numbers and permission levels; logins and active user stats; open actions and completion status; uptime. In addition we track support SLAs.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: There is a reporting suite that enables super users to download reports at any time in .csv format. In addition should a user require an export of their data they can request this through the support desk who will schedule the request as part of our standard support SLA.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: We aim for and have achieved in excess of 99.99% availability with the exception of pre-planned and notified maintenance over the past 12 months. ; Should the level of availability fall below 98% and impact on a customer's ability to manage their suppliers they are able to request a refund of up to 100% of their monthly fee for affected users.
• Approach to resilience: IAND's physical infrastructure is hosted and managed within Amazon’s secure data centres and utilise the Amazon Web Service (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data centre operations have been accredited under ISO27001, 27017, and 27018.; ; We have procedures in place to cope with outages of any elements of our system. We are notified of vulnerabilities through both internal and external assessments and apply appropriate patches and security fixes.; ; We maintain redundancy to prevent single points of failure including the use of multiple data centres from which we can restore the platform in the event of an outage.; ; Should a buyer require additional information on the resilience of the service then it is available on request.
• Outage reporting: Scheduled platform maintenance is carried out outside of normal office hours. Where this occurs an e-mail alert is sent to all users that may be affected.; ; In the event that there is an unscheduled service outage an e-mail is sent to all users giving information relating to the nature of the outage and the anticipated time to resolve the issue. It should be noted that to date we have not experienced an unscheduled service outage.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Management interfaces and support channels are only available to specific users in the client organisations and to members of the IAND team. First-line support have view and limited edit capability. Any edit carried out by first-line support is logged and time-stamped.; The technical team carrying out second-line support are the only people who can cancel activities on the IAND platform.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials Plus

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Access to systems is restricted to individuals with prior experience in building secure services. We monitor NCSC Security Guidance to ensure we always follow security best practices.
• Information security policies and processes: We have an internal security policy that covers all staff computer usage, based on industry best practices. We use tooling to encourage best practices, and internal audits to ensure that policies are followed.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes are managed through source code control. Every change must pass automated security checking (e.g., checking for known vulnerabilities) before it is accepted. All changes are peer reviewed before being accepted, which includes manual checks for potential security impact.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We use a combination of automated vulnerability testing tools and monitoring of industry standard guidance (e.g., CVE lists) to identify potential threats. Any emerging threats block development work and must be resolved as a matter of urgency.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: All events on the service are auditied. Automated triggers identify suspicious activity. Manual checks of user behaviour identify suspicious behaviour.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are reported via our usual support channels. Incident reports are circulated internally and to any affected users.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  IAND has integrated data capture and reporting on supply chain carbon emissions (scope 1 &2) as part of our ESG module which is included in all packages. This enables the standardisation of data collection and reporting on carbon over time, including intensity metrics.
• Covid-19 recovery:

  Covid-19 recovery

  IAND support building a resilient and diverse supply chain, including automating the collection of key data including supplier size and location providing client organisations with immediate insights on their supply chain resilience and SME capacity for each region across the UK.
• Tackling economic inequality:

  Tackling economic inequality

  The IAND ESG module includes detailed metrics on suppliers, leveraging public data where possible to minimise the cost for the collection & reporting of supply chain economic data while providing robust metrics.
• Equal opportunity:

  Equal opportunity

  IAND support building a resilient and diverse supply chain, including automating the collection of key data including gender diversity data, company size, location and type. Helping client organisations analyse their supply chain capacity and identify areas for improvement.

Pricing

• Price: £475.00 an instance a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@iand.com. Tell them what format you need. It will help if you say what assistive technology you use.