DEEPSTREAM TECHNOLOGIES LIMITED

e-Procurement

DeepStream's platform revolutionises source-to-contract processes, enabling buyers to save time, reduce spend and transact with confidence. Our user-friendly technology replaces manual email and spreadsheet based sourcing processes with secure, efficient transactions. With a focus on simplicity, minimal training is needed for users to confidently utilise our powerful solution.

Features

• Unlimited templates for RFI/Q/P
• Approvals before moving to next stage/awarding
• Upload documents for response, deviation and acceptance
• Draft questions to review supplier responses online
• Add line items to gather detailed pricing
• Collaborate with internal colleagues and external collaborators
• Set user visibility and permissions per page on each RFx
• Evaluate and score responses online
• Communicate with suppliers via RFx specific message portal
• Run and manage e-Auctions with multiple suppliers

Benefits

• Enable online collaboration with colleagues from anywhere
• Enable collaboration with 3rd parties, JV's and buying consortiums
• Enable automation of RFx process via templates and auto-publication
• Remove manual processes around issuing review and awarding of RFx
• Managing communications with suppliers in a single, streamlined process
• Free, easy to manage portal for suppliers to respond via
• Technical support for buyers and suppliers
• Cut down on time taken to draft and evaluate responses
• Granular audit trail for disputes audit enquiries and regulatory requirements
• Access to agile product development releases every 2 weeks

£12,500 to £50,000 an instance a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at scott@deepstreamtech.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

191855901032503

Contact

Scott Farrance
07528198018
scott@deepstreamtech.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Sunday from Midnight to 4am (UK time) is the reserved time for planned maintenance, although only exercised a couple times (and warning provided a few days ahead of time).
• System requirements: Modern browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support is provided via Intercom, email or direct calls to Customer Success. All requests will be responded to ASAP. Our current setup provides dedicated, named, customer success support for all clients, and their suppliers. Any new clients who require specific, additional support can discuss this as part of the contracting and onboarding process.; Our support hours are 9-6, Monday - Friday. As with additional specific support being required, if any out of hours or weekend support is required, this can be discussed during contracting and onboarding, to ensure we meet the needs of new clients.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: N/A
• Web chat accessibility testing: N/A
• Onsite support: Yes, at extra cost
• Support levels: Clients will be assigned a dedicated Customer Success Manager, who will work with them from the point of sales handover, through onboarding, go-live and hypercare, to ensure the system is fully implemented. Support around onboarding and hypercare will be of a more intense fashion, with weekly calls to check progress, as well as sessions around templates and new processes, training, hands on support to ensure the first few requests are successful; Customer Support is included in quoted contract prices, there are no additional costs, and will also cover Supplier support, to remove the need for Buyers who are new to the tool having to provide support to their own suppliers; There is not technical account manager or cloud support engineer provided, but part of the contract with clients allows them to provide feedback and work with the Product team. As a SaaS tool all maintenance is the responsibility of our technical and development team, but they are not assigned per client.; If prospective clients feel that they require additional support above and beyond standard, additional support and associated costs can be discussed and agreed on a case by case basis
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We have a onboarding process template, which is tweaked/bespoked to suit the needs of each client once we are provided the handover and information from sales; ; The process follows the same standard route of intro calls, data requests, demo site build out, playback's, sign off, training and 'hypercare' support for the first few weeks post go-live. The location of meetings (remote, in person) and the number of sessions will depend on the scale and complexity of each client. We have onboarded smaller clients in 1-2 days, some take a number of weeks. The client's readiness to use the platform also influences how long the onboarding will take
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: There are multiple self-service reports and audit trails which can be extracted from individual requests at any time, and post-contract.; ; If clients require a more detail/complete of requests, suppliers, users, pricing information and activity within the platform, that can be extracted by our Product team, once the specific requirements are received in writing from the client
• End-of-contract process: At the end of a contract users will still have full access to all request and network data. They will just not be able to start any new RFx. Any in-flight procurement processes can also be concluded; ; There are multiple self-service reports and audit trails which can be extracted from individual requests at any time, and post-contract. If clients require a more detail/complete of requests, suppliers, users, pricing information and activity within the platform, that can be extracted by our Product team, once the specific requirements are received in writing from the client

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: User Interface optimised for mobile devices, so full user experience provided for mobile users.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: No
• Customisation available: No

Scaling

• Independence of resources: We have horizontally scaling infrastructure that can be scaled automatically based on load.

Analytics

• Service usage metrics: Yes
• Metrics types: Request sent from; Final deadline; Total approximate value; Currency; Total approximate value amount; Event Overview; Request owners; Team members; Time from draft creation to issue (min); Time from issue to close of final deadline (min); Total stages in request; Total revisions issued; Total document exchanges in issued request; Total supplier companies; Supplier Completed bid(s); Supplier Did not complete bid; Supplier Declined to bid or withdrew; Supplier Did not respond to request; Total comments posted between buyer and all suppliers; Average time suppliers took to complete their bid (min); Total documents received from all suppliers
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Various parts of the UI allow you to export data on-demand via downloadable CSV files. Data not covered by these CSVs can be requested from the team (subject to agreement and longer timeframes).
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Availability uptime agreement of 99.99%.; Refunds would be discussed on a case by case basis if the system went down, tied to length of downtime, when downtime occurred (during work hours/weekends/overnight), impact to business and length of time to resolve
• Approach to resilience: Available upon request
• Outage reporting: Email alerts from Customer Success, followed up with any updates and confirmation when the system is back up and running fully

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: Microsoft SSO available if required for any clients
• Access restrictions in management interfaces and support channels: Our Admin access, whether via the system or our support channels is severely restricted in terms of the information which can be displayed. Beyond basic data (users, suppliers, request names and numbers) we cannot see information within the actual Production Requests created by users. This was designed with user security in mind and to ensure that confidential data which clients enter into our system remains confidential
• Access restriction testing frequency: At least once a year
• Management access authentication: Other
• Description of management access authentication: Username and password OR via Single Sign-on (SSO) enabled via Microsoft Azure

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Approachable Certification
• ISO/IEC 27001 accreditation date: 22/03/2022
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We have a comprehensive set of objectives set by our CEO – outlined below.; ; Performance vs our objectives is continually assessed and reported to our CEO.; Key Information Security Objectives:; Certification; Obtain and maintain certification to ISO 27001; ; Supplier engagement; Ensure contracts are in place with all information security critical suppliers; ; Engagement and communications; Frequent information security briefing with for all employees, including at induction; ; Control assessments; Quarterly information security control measures assessments; ; Security incidents / breaches; 0 information security incidents; ; Legal compliance; Annual check of our operations vs legislative requirements – including GDPR EU 2016/679; ; Network downtime; To minimise the amount of network downtime; ; We are committed to achieving these by:; Maintenance of an ISMS that is independently certified as compliant with ISO 27001:2013; Systematic identification of security threats and application of a risk assessment procedure that will identify and implement appropriate control measures; Monitoring of security threats and testing /auditing of the effectiveness of control measures; Maintenance of a risk treatment plan that is focused on eliminating or reducing security threats; Maintenance and regular testing of a Business Continuity Plan; Clear definition of responsibilities for implementing the ISMS; Provision of appropriate information, instruction and training to our employees

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Changes are managed in two locations; Airtable - to capture and manage ideas; Jira - to specify, prioritise and implement changes we have commited to make; The following is recorded in both Airtable and Jira; A unique reference; Requester of change; Date requested; Ideas are reported in a structured way, using the following fields:; Description; Related problem; Potential solution; Related customers; Is this blocking a customer?; Ideas are triaged and considered at least once per month, led by the Product Manager.; ; More information available upon request, cannot fit entire process into 100 words
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our infrastructure and codebases are continuously monitored for security vulnerabilities which use trusted databases. When a critical vulnerability has been identified in our system, a patch is immediately prioritised above all other ongoing work with the goal of deployment as quickly as possible.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We use services that continuously our networks and and alert us to anomalies in our network infrastructure. Logs across our applications and 3rd party services are also reviewed on a regular basis. Incidents are responded to as soon as they discovered and confirmed.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have a Security Incident Management Procedure which specifies the process for dealing with security incidents. Users can report incidents to our Customer Success team and they will be escalated immediately. We provide written incident reports with clear language of the nature of the incident; contact details of CEO; likely consequences; and measures taken or proposed to be taken to address the incident, including, where appropriate, measures to mitigate its possible adverse effects.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  Our platform for suppliers is free to use, and by creating a level playing field it allows people from any background, size, or economy to respond in the same fashion

Pricing

• Price: £12,500 to £50,000 an instance a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Free trail is conducted within our Pilot site (sandbox) to allow full end to end validation of the system in a controlled envrionment; Users have access to buyer and supplier accounts to run full processes, and processes run for 14 days unless specifically requestes to be extended

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at scott@deepstreamtech.com. Tell them what format you need. It will help if you say what assistive technology you use.