Capabiliteez Ltd t/a PQS Pre-Qualification-Scheme

PQS Prequalification of Suppliers & Contractor - FREE Cloud Portal (SSIP, PAS91, PPN 03/23)

A FREE cloud based software public sector bodies to pre-qualify, monitor and manage your contractors and suppliers.
We remove the burden and costs to you of conducting due diligence, prequalification, assessments, and the maintenance of documents (e.g. insurance) for your contractors and suppliers.
SSIP, PAS91, PPN03/23, CAS Principles

Features

• FREE cloud based portal for prequalifying and managing contractors/suppliers
• Set approval criteria for contractors/suppliers (e.g. SSIP, PAS91, PPN03/23)
• View/track status of contractors and suppliers against approval criteria
• View supplier and contractor key worker training records
• Tailor brand and appearance to reflect your requirements
• Tailor settings - providing flexibility and choice
• Real-time information about contractors/suppliers
• Email alerts configurable (on and off)
• Exportable data
• Remote access with unlimited users (varying roles and permissions)

Benefits

• FREE access to software to prequalify and manage suppliers/contractors
• Fulfillment of compliance obligations (incl health, safety, insurance, etc)
• Fulfillment of Procurement Policy Note PPN 03/23
• Fulfillment of insurance obligations
• Supporting lean procurement methodologies - reducing non value added administration/processing
• Working alongside existing processes (e.g Dynamic Purchasing System - DPS)
• Access to new and existing PQS registered suppliers and contractors
• Minimising complexity and cost for SMEs in fulfilling evaluation criteria
• Reducing barriers, maximising inclusion, and increasing supplier and contractor uptake
• PQS provides fast, affordable, proportionate assessments for businesses, especially SMEs

£0 to £0 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@pqscheme.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

258976256850420

Contact

Gareth Duford
0333 567 5670
enquiries@pqscheme.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Planned maintenance undertaken out of normal working hours (9 to 5pm); ; Suppliers and contractors appearing in the database can register with PQS for FREE and upload existing documents. Contractors and suppliers only pay for full SSIP or other assessments.
• System requirements: Web browser (e.g. chrome, edge)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Same day response.; ; No service at weekends.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Onboarding to tailoring free software to organisational requirements;; ; User instructions to reflect tailored settings;; ; Master user training.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Where required onsite setup and initial account creation can be provided.; ; User training is available through documentation or contact via email or phonecall, dependant on the customer preference.; ; User instructions is are available through prepared through documentation.; ; Screen sharing services can be implemented to guide users as required.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Exports of data in CSV, excel, or pdf formats
• End-of-contract process: Users stop accessing the software; ; We discuss deletion of the overall account; ; This is a free software tool

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None. Optimised for mobile use.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Once given authentication credentials, users can manage any resources through the API limited to their own company.; API functionality is limited on a per product basis - a user must have access to a product to use it's respective API.; ; For example; compliance status of suppliers and contractors can be shared via API. This means an existing financial or other vendor list can display compliance status.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Flexible and configurable options, methods and criteria for approval of suppliers and contractors.; ; Suppliers and contractors can be categorised to meet different needs and requirements.; ; Active users can be added removed at any point by designated persons. There is no limit to how many active users can be had at a given time.; ; Roles and permissions are customisable.; ; Visual branding is highly customisable, colours, logos, etc. can be modified by designated persons.; ; How data is presented and manipulated is adjustable by the end user where relevant.; ; Flexible reporting functionality is in place, some reports allow complete user customisation as to what data should be presented in a report.

Scaling

• Independence of resources: The PQS Administrators monitor usage and performance daily; ; We have a fully scaleable platform to avoid users being affected by demand of other users

Analytics

• Service usage metrics: Yes
• Metrics types: Realtime metrics around supplier and contractor complaince against your stated requirements; ; User activity logs; ; Email alerts - to reflect your settings
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Tailored export tool to CSV, excel or PDF
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel
  • PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Service is available continuously except for planned and any non planned maintenance.; ; The service is FREE.
• Approach to resilience: Cyber essentials certification; ISO9001 certified - in house backups are maintained and stored securely in the incredibly unlikely event there is data loss by the 3rd party.; ISO17020 UKAS Inspection Body Accredited; ; Databases and file storage are managed by a 3rd party with assurances for data security, physical security and data loss mitigation - ISO27001.
• Outage reporting: Scheduled maintenance details are displayed on login page. There are mechanisms in place to inform users if the service is unavailable for use in the event of an unscheduled outage.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Administrative user(s) in your organisations controls invitations and permissions of users
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: Cyber Essentials;; ISO9001 Certified;; ISO17021 UKAS Inspection Body Accreditation;; SSIP Registered Member.; ; Policies and practices based on principles of ISO27001 and National Cyber Security Centre - Cloud Security Guidance.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Principles of ISO27001 adopted
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Principles of ISO27001 adopted
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Principles of ISO27001 adopted
• Incident management type: Supplier-defined controls
• Incident management approach: Principles of ISO27001 adopted

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  A digital service, eliminating traditional paper based supplier/contractor prequalification and management processes.; ; Promotes carbon management and reduction within the prequalification and approval of suppliers and contractors.

  Equal opportunity

  Service can be used to assess the approach of suppliers/contractors to equality, diversity, inclusion, fairness, respect.

  Wellbeing

  Service can be used to assess the approach of suppliers/contractors to health, safety & well-being.; The SSIP assessments includes health & safety and specifically mantal health, fatigue, well-being.

Pricing

• Price: £0 to £0 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: FREE demonstration;; ; The whole service is FREE

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@pqscheme.com. Tell them what format you need. It will help if you say what assistive technology you use.