Proactis Tenders Limited

Multi-Buyer Public Sector Procurement Portal

A cloud procurement multi-language portal providing notice publication service to FTS and Contracts Finder. Inbuilt functions include Notice Creation Wizard, Requests For Quotations, notice e-mail alerts, Contracts Register and Management, eTendering, SPD service and Management Information Reporting. Can be branded for each buying organisation and comes with customer service support.

Features

• Automatic notice publication to Contracts Finder or FTS
• Documents available through secure e-submission postbox with access control
• Auditable log of all communication and activities
• One off notices or annual subscriptions for multiple notices available
• Request for quotation facility: low value and call off contracts
• E-mail alert service for suppliers to receive opportunitie
• Flexible management information reporting built in (OCDS compliant)
• Supplier sourcing directory to aid supplier engagement
• Support team who review all notices pre-publication
• Contract Register/Management tools to support proactive procurement activities

Benefits

• Ensures compliance in your procurement notices
• Supports SME and VCES engagement through free supplier sign on
• Bespoke contract management tool manages your procurement cycles
• Enables a secure and auditable procurement process
• Peace of mind that regulatory requirements have been met
• Generates bespoke MI reports to expand market knowledge
• Single source of data to analyse statistics and trends
• Reliable and knowledgeable support team to expand your knowledge
• Manual vetting of all notices to ensure compliance and accuracy
• Inbuilt SPD tool in line with CCS standard selection questionnaire

£145,000 to £260,000 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at natasha.bowden@proactis.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

245004786681231

Contact

Natasha Bowden
01224 636999
natasha.bowden@proactis.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: No. Site upgrades are performed out of hours and require some short periods of system downtime
• System requirements:
  • Any standard web browser
  • No individual software licences or anti-virus sofware required

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our capable, knowledgeable and experienced support team in the UK who are available between 08:00 and 17:00 Monday to Friday in order to answer any questions or queries.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The Customer Support Helpdesk is available to provide support on system issues, i.e., errors seen in the system and/or if core functionality is not working as intended. The Helpdesk operates from 8:30am until 5:00pm Monday to Friday (EU/UK/EST time) excluding Bank Holidays. An Account Manager becomes the first point of contact for all commercial, contract and day to day matters.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Proactis provides onsite training and/or online training . Proactis approaches training based on a ‘Train the Trainer’ methodology, the benefit of which is ensuring a thorough understanding of the solution resides within the Customer's organisation. Proactis will provide training on the use of the system to the intended ‘Trainer’s’ of the end users, i.e., the System Administrator. Training is delivered on a standard training environment, and additionally, before entering UAT. The aim is to ensure System Administrators have the skillset and tools to make the best use of the functionality, so they can then be self-sufficient in disseminating the training information to the end users.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: If the service is being continued by a new provider we will work with the new provider to transfer data via their chosen secure method.
• End-of-contract process: Proactis will discuss your individual needs and prepare an Exit Strategy accordingly. ; Project planning and conducting of the data transfer are priced on the basis of the method chosen by the buyer.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: We are using responsive design elements.; There are no functional differences.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: We are fully tested to AA standard
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Our testing is done by our in house AA team and tested by external software. Finding are then addressed through the maintenance process.
• API: No
• Customisation available: Yes
• Description of customisation: Website design and content are customised with client branding. ; Certain functions can be switched on and off by configuration.; Multi language versions of the system can be provided. ; The client can request customisation of the design through their account manager which is conducted by the design and development team.

Scaling

• Independence of resources: All servers used are fully clustered, or replicated, and load balanced, allowing individual servers to go off-line, in either planned or unplanned fashion, without impacting system availability.; All servers are also replicated in real time to a second, geographically separated data centre, which can be brought online should the primary site fail for any reason.

Analytics

• Service usage metrics: Yes
• Metrics types: Google Analytics are provided for website traffic and user journeys. ; ; Reporting on website content (type of users registered, type of notices published, number of submissions made, suppliers awarded contracts) are provided by a real time reporter tool and on a monthly basis by the Account Manager.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: CSV, EXCEL, JSON, PDF, XML and the native formats of any uploaded documents
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats: XML

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Core hours are Monday to Friday 9am to 5pm. ; ; During core hours the website availability guarantee is 99.5%. ; Outwith core hours the website availability guarantee is 99.9%
• Approach to resilience: Service is designed with resilience built in. Multiple load balanced web servers. All web, database and additional infrastructure is replicated between geographically separated data centers
• Outage reporting: Outages are reported through the PRTG Monitor which shows the status of each server and site. PRTG Monitor is an internal monitoring system which sends out email alerts if any of the server/sites goes down or has an alarm. ; ; Outages are reported through an internal WebsitesUpTime monitor within sharepoint and we also receive daily reports from StatusCake, our external monitoring partner, who also perform virus checking when connecting to the web site for monitoring purposes, and would alert us should the site/s contain any malicious content or outages.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: All management interfaces sit behind a firewall and can only be accessed on the company network. User name and password is required for access.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 27/09/2022
• What the ISO/IEC 27001 doesn’t cover: N/a
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials
  • Cyber Essentials Plus

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials and Cyber Essentials Plus
• Information security policies and processes: Proactis is certificated to ISO 27001 and has a comprehensive suite of IS policies which are reviewed and updated each year internally by the Compliance and Quality Manager along with the IT Availability Services Director. External audits of the system and processes are undertaken by Alcumus Isoqar, a UKAS accredited auditor on an annual basis. Security governance forms part of our certification. All new starters are required to read and confirm adherence to all policies and procedures, and at least annually all staff members must sign to state they have read and understood the IS policies and any updates during the period. Any failure is reported at Board level. As part of the externally-audited standards, Proactis has a dedicated, independent, Compliance Team, headed by the Compliance Manager, who is also the Proactis Data Protection Officer. The team reports directly to the Proactis Board. The Compliance Team is also supported by key personnel within the ITAS function (IT Availability Services).

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Any change to the configuration of the service are assessed for security impact before any action is taken. All changes are thoroughly tested internally and by User Acceptance Testing.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Risk assessments are carried out at least annually by ITAS and Compliance. The infrastructure undergoes separate penetration tests conducted by an independent third party, with any outputs being assigned to a remediation plan. We use a variety of sources to recognise potential threats. Internal and external vulnerability scans of our environments for known threats are undertaken using industry-leading software, with reports compiled and reviewed on a monthly basis. Additionally, any code fix issues can be patched and deployed within 24 hours depending on the severity of the issue.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Through our ISO/ISAE requirements, we have specific processes and procedures in place to actively monitor and react to any potential compromises, as does our Service Provider. This process includes Board Level notification of any such suspected breaches. If such a compromise is discovered then an immediate impact assessment is performed and necessary actions taken based on this review. Normally we would inform any customers affected as soon as is practical, except for where criminal investigations must take place, in which case notifications would be done as soon as authorised by relevant authorities.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: The Proactis documented Incident Management process is audited through our ISO/ISAE accreditations. There is scope designed within the process to allow for RCAs, forensic analysis and so forth, based on the type and severity of incident.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  In accordance with the current formulation of the Proactis Environmental, Social and Governance processes, Proactis has outlined a commitment to comply with relevant legislation and to continually act to minimise the environmental impact of our business. Specific environmental objectives include to adopt responsible fuel and energy management practices to reduce energy consumption, and to take measures to reduce waste at source and recycle where possible. We aim to pursue best practise green procurement, assessing sustainability, Corporate Social Responsibility (CSR) and, wherever possible and in accordance with our procurement criteria, adopt an increasingly localised supply chain. Proactis has been awarded Bronze certification by EcoVadis and is committed to continuing efforts to improve this rating further. Proactis has made a commitment to be Net Zero by 2030 and is in the process of documenting a formal ESG (Environmental, Social and Governance) strategy across the business, which will include formal targets and metrics across all 3 areas. This is championed by the Chief Financial Officer (CFO), who is the Board representative for Compliance and Governance. A Proactis Electric Vehicles Scheme is in place in the UK, with a number of employees already taking advantage of the initiative. Offering such a scheme highlights our dedication to our core values in support of Our Planet approach - to make decisions and policies that protect our planet.

  Covid-19 recovery

  As Covid-19 brought rise to the need to work from home, organisations recognised the need to adapt previously manual processes so people could work remotely. This need sparked a more urgent drive for digital transformation. The whole ethos of Proactis solutions is to automate Source to Pay processes, moving away from admin-heavy, manually intensive processes, while reducing the risk of human error. By making information transparent and easily and securely accessible online, stakeholders can access and collaborate on projects without needing to be in the office. This became more important during the pandemic and Proactis Customers in Public, Private and Not for Profit sector organisations were able to reap the benefits of the systems they had in place, as referenced by a Proactis Customer in the Education sector: “Overall, the obvious, and most relevant benefit in the midst of the COVID-19 situation is that we can access everything, in the same place, from anywhere. The Proactis solutions have been hugely helpful. We moved off site very quickly, but we were able to do this with confidence that none of our processes would suffer as a result. Supplier and Contract Management, eProcurement and now all invoicing processes are digital.“ Other Proactis customers also adopted additional modules that would support their digital transformation journey, which in turn helped to strengthen their business operations and increase agility during challenging times. This included adopting Proactis Supplier Management which, along with Contract Management and Sourcing modules, has helped to provide greater visibility and understanding of the supply chain to assist buyers in strengthening relationships with suppliers, reducing risk and enhancing overall compliance. Within Proactis, processes have been put in place to support Covid-19 recovery including effective social distancing, remote working, safe return to office working, sustainable travel solutions and greater consideration given to local suppliers.

  Tackling economic inequality

  Supply chain compliance is assured as Proactis expects our suppliers to comply with the applicable legislation and regulations we are governed by, including human rights, modern slavery, environment and privacy. Proactis is committed to being an open and transparent organisation and seeks partners and suppliers who share this commitment. The Proactis solutions, inclusive of Supplier Management and the Proactis Tenders Direct portal, naturally encourage greater engagement and collaboration with suppliers to deliver improved control, accountability, and measurability of the relationships with the buying organisation. Proactis provides assurance to both Customers and Suppliers that it adheres to all necessary standards appropriate to the undertaking of its activities. Certifications held by Proactis include Cyber Essentials Plus, ISO 27001 Information Security Management and ISO 9001 Quality Management. Proactis aims to support a sustainable eco-system within the communities in which it operates. Many employees live locally and Proactis supports a sustainable travel policy for all employees. Support for the local economy is encouraged with sourcing from local suppliers a key consideration in procurement activity where appropriate. In the UK the company supports and actively encourages employee participation in supporting local and national charities including Wetherby & District Foodbank, The Archie Foundation and Save the Children, through activities such as Dragon Boat Challenge, Christmas Jumper Day, Bake Off challenges. In addition, staff are encouraged to give back to the local community, and all are allocated an additional day of leave that is committed as a dedicated volunteering day.

  Equal opportunity

  Proactis promotes a working environment in which diversity is recognised, valued and encouraged. We acknowledge the multi-cultural and diverse nature of the UK workforce and society in general, and are committed to principles of fairness and mutual respect where everyone accepts the concept of individual responsibility. Proactis recognises that discrimination in the workplace in any form is unacceptable and, in most cases, unlawful. Company policy seeks to ensure that all job applicants, contractors and employees are treated fairly and without favour or prejudice. We are committed to applying this throughout all areas of employment. This includes recruitment and selection, training and development, benefits, rewards and promotion, dealing with grievances and disciplinary issues. The Proactis Equal Opportunities and Diversity policy complies with current legislation. We review it regularly and update it if the law changes. However, we recognise that equality of opportunity is best achieved by day to day commitment throughout the organisation. We offer support and training where necessary to achieve and maintain this. As a software company, Proactis does not have an extensive range of local or international suppliers where modern slavery or human trafficking would generally be a material risk. Regardless, Proactis is committed to acting ethically and with integrity in all our business relationships. Proactis has implemented improvements to internal systems and controls and how we engage with our supplier base to ensure that they will be compliant with the Act, to ensure slavery and human trafficking does not take place anywhere in our business or supply chains.

  Wellbeing

  Proactis recognises that by providing a safe, stimulating working environment and encouraging staff to achieve their maximum potential, this will reflect in the culture of our organisation, the solutions we deliver and the relationships we have with customers. Listening to and obtaining regular feedback from staff is as important as listening to our customers. Backed by a commitment from the Executive team to continually improve, Proactis undertakes annual employee engagement surveys. Following positive action taken, results show year on year improvements in engagement and positivity, with a >30 Net Promoter Score achieved earlier than the original target. Ensuring and maintaining the Mental Health of our employees is high on our agenda. In support of this a number of staff have completed a Mental Health First Aider course, so that they are able to identify others in need and offer support in relation to where they can get help. The MHFA team also undertakes projects to actively encourage all our people to be aware of the importance of their mental health by presenting lunch & learn sessions, communicating team activities via the ‘OneVoice’ employee newsletter, and providing monthly updates from MHFA England and MHFA Scotland. Internal communication channels have been established to encourage staff development and knowledge sharing. These include regular line manager catch-ups and Team meetings, lunch & learn sessions and companywide training sessions. In turn, these encourage sharing ideas that feed into the development of solutions for customers. Flexible and home working is supported, standardised performance appraisals are undertaken and include a values-based review with a reward and recognition programme in place. In addition, staff are encouraged to give back to the local community, and all are allocated an additional day of leave that is committed as a dedicated volunteering day.

Pricing

• Price: £145,000 to £260,000 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at natasha.bowden@proactis.com. Tell them what format you need. It will help if you say what assistive technology you use.