Suppeco Contract Performance Management CPM
Supplier Relationship Management Cloud Software. Supplier Contract Management Cloud Software. Suppeco leverages the potential in relationships to solve key challenges facing the customer-supplier ecosystem
Features
- Real time actionable insights and reports.
- KPI Creation Suite and Database. KPI library.
- Automated workflows for time and labour saving.
- Central contract store and share for customer and suppliers.
- Contracts and CSR audit compliance management.
- Contracts performance and events Management.
- All project and service real time narrative shown centrally.
- API Orchestration layer for integration and ease.
- Secure collaborative chat.
- Easy instant secure, and targeted access for unlimited users.
Benefits
- Live data to shows real time accurate performance.
- Inhouse database, upload libraries, or create custom KPIs.
- No need to log-in. Data regularly distributed to busy users.
- No more old files. Contract/docs repository with dynamic update CTAs
- Realtime CSR audit management, no more missed audits.
- Enhanced value capture with narrative beyond KPI dashboards.
- API/CSV import, export for easy people, supplier, data, onboarding.
- Actionable insight cost reduction via time-to-action, time-on-task KPIs.
- One simple omnichannel experience for all.
- Self policing digital governance replaces static events based governance.
Pricing
£25,000.00 to £96,000.00 a licence a year
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
2 6 8 2 8 0 4 0 0 6 4 6 7 8 5
Contact
SUPPECO LIMITED
Sheldon Mydat
Telephone: 07912651940
Email: sheldon.mydat@suppeco.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- There are no service constraints.
- System requirements
-
- Requires that users have selected acceptable login-passwords.
- If selecting SSO, users require an active AD profile.
- Requires to be used with supported internet browsers.
- Browsers must support HTML 5 or higher.
- Requires users to have internet access.
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Major incident - Target ID: 30 minutes. Resolution: 4 hours.
Incident - Target ID: 2 hours. Resolution: 2 business days.
Minor incident - Target ID: 1 business day. Resolution 5 business days. - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- No
- Support levels
-
All screens and services inside the platform feature instant tutorials and guidance.
Suppeco provides an in-app Ask a Question service containing comprehensive FAQ categories.
Suppeco provides instant support via phone and email.
There is no additional cost for support.
Suppeco provides access to a cloud support engineer. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Training Material: We provide a range of standard materials and can also create bespoke training guides, manuals, and videos specific to an organisation’s use of Suppeco.
Training Sessions: We conduct a range of training sessions for all user types, focusing on how to navigate and utilise Suppeco effectively (Teach-Ins, Webinars, Blind Webinars).
Feedback Loop: We suggest to establish a regular feedback mechanism for users to report issues or suggest improvements (such as bi-weekly customer-success calls). - Service documentation
- Yes
- Documentation formats
-
- HTML
- Other
- Other documentation formats
- Video tutorials.
- End-of-contract data extraction
- Customers may have data removed and returned completely. Where a copy of such data is requested at termination or expiry of the subscription period, all data will be subsequently extracted and returned.
- End-of-contract process
-
At the end of a subscription, the service will cease to function. Logins will not work.
At the end of a subscription we retain data in case its required as part of customer record retention obligations. Customer data may be removed completely and returned upon customer request. The provision of such data shall be subject to a fee in respect of the time incurred by us.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Suppeco is fully responsive for mobile and other devices. All devices (including mobile) support all functionality.
- Service interface
- No
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- API
- Yes
- What users can and can't do using the API
- Suppeco is an Azure native cloud application and as such is built in line with an API first architecture. Due to a heightened sense of security, we have chosen to hide the API for additional connectivity (beyond those already offered in the orchestration layer) The JSON/Swagger API port is opened subject to meeting relevant security and usage requirements.
- API documentation
- Yes
- API documentation formats
-
- HTML
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
-
Customer users can introduce branding (e.g. Logos)
Customer users can customise customer-supplier relationship infrastructures.
Customer global admin users can change branding.
Relationship manager users can customise customer-supplier infrastructures.
Scaling
- Independence of resources
-
Suppeco uses SQL AI to monitor the performance of database indices, looking for areas of heavy usage/consumption; and diverts additional processing resources to areas of higher demand to maintain speed and efficiency at point of use.
Suppeco uses an SQL elastic pool to allow for dynamic scalability of resources.
Suppeco customers benefit from a multi tenanted architecture. As well as the increased security that this provides, all separate customer tenants can be configured individually in terms of processing power. A single customer can operate multiple tenants across designated territories, or can operate a single tenant.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Suppeco provides service utilisation metrics across all modules. These are based on real time live data, showing levels of engagement by all users, both customer and supplier side. These are all provided in-app, and on-demand.
Additional reports are available upon request showing a range of usage statistics, such as data consumption, and traffic timelines. - Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Other
- Other data at rest protection approach
- Multi Tenant Data Storage, and Encryption Vault, Fine Grain Access.
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
-
Certain types of front end data such as supplier lists, supplier categories, and In-supplier KPI lists and menus are exportable via pre-formatted excel files.
Other uploaded documentation can be downloaded (exported) individually.
Bulk or batch data can be exported simply by raising a support request. - Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- Suppeco strives to maintain the availability of services. On occasion, there is a need to perform maintenance on services, and this may in exceptional circumstances require a period of downtime. We try to minimise any such downtime. Where planned maintenance is being undertaken, Suppeco will provide notification in advance through the agreed channels.
- Approach to resilience
-
Suppeco is a native cloud, Azure hosted platform. Azure Storage retains multiple copies of customer data so that it is protected from planned and unplanned events, including transient hardware failures, network or power outages, and massive natural disasters. Redundancy ensures that any storage account meets its availability and durability targets even in the face of failures.
Let’s clarify though; storing multiple copies of customer data does not mean that data has been migrated to data centres in far off global locations and jurisdictions.
Locally Redundant Storage (LRS) replicates stored data three times within a single data centre in the primary region. LRS provides at least 99.999999999% (11 nines) durability of [data] objects over a given year. - Outage reporting
- Suppeco provides a public service status page on its website.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
-
Suppeco uses RBAC role based access controls.
In addition, because Suppeco is a multi tenanted SaaS application, the architecture is designed to segregate tenants and protect against cross contamination or interfacing of data across tenant channels.
Support channels are all managed on a per-tenant and role basis.
Building on the foundation of Role-Based Access Control (RBAC), Suppeco further fortifies its security posture and access control through comprehensive stakeholder mapping across its Four Pillars Infrastructure. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- QMS / Citation
- ISO/IEC 27001 accreditation date
- 06/05/2022
- What the ISO/IEC 27001 doesn’t cover
- All areas of security policy and process are covered by the standard.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
Suppeco is ISO27001 certified and complies with all security process and procedures. Suppeco undergoes regular compliance checks and audits.
Security process measures and details are elaborated within the Suppeco Security Briefing Paper: Making Value Measurable Suppeco Briefing v10.04.24 (subject to updates).
This can be provided on request.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Configurable Items are evaluated to determine any changes required and where and how those changes can/should be implemented whilst also determining how such change will impact the current state of the system.
We integrate early stages of Triage into the DevOps cycle, ensuring that there's a continuous feedback loop from monitoring back to change identification - keeping the process dynamic and responsive.
The following process applies:
Identification of required change.
Raise change request on DevOps.
Triage / Feedback.
Backlog prioritisation/ Feedback.
Agree change approach strategy.
Execution of change / Agile Feedback. - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
Suppeco follows the vulnerability and threat level guidance provided by
Azure security services.
We apply anything identified as critical (i.e. patches) within 24 hours.
Our information is provided from Suppeco's Azure Security Centre.
A weekly SQL vulnerability assessment provides visibility of our centralised platform security state. This includes actionable steps to resolve issues and enhance group centralised database security.
Also provides constant monitoring of our dynamic database environments, where changes are otherwise difficult to track and improve our SQL security posture.
We continuously monitor for suspicious activities with regular security audits to provide early detection and mitigation of potential threats. - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
Suppeco utilises Azure Security Centre to monitor for potential compromises.
Detailed vulnerability scans run across all services to assess for potential compromises. The services including all compromises are assessed for pass/failure and high/medium/low risk assessment status. This determines the response.
When we find a high risk compromise, response is immediate. - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
Users can report by email, in-app via Contact Support, or by phone.
Suppeco uses an ITIL standards approach to incident management. The incident management process flow follows the following steps:
Registration: Once an incident is detected and logged in the ITSM.
Assignment: Assign the incident to the appropriate resolution group.
Diagnosis: Process by which the incident resolution team investigates.
Resolution: When the root cause of the incident is found and fixed.
Close: Incident closure involves conducting a Post Implementation Review (PIR).
Suppeco provides incident reports by email, on request.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
Fighting climate changeFighting climate change
A key Suppeco use case is its ability to support operational CSR/ESG audit compliance. Customers typically have visibility to their tier one suppliers; whilst 90% of the ESG footprint extends way beyond tier one - upstream in the supply chain. Suppeco has in place an orbit of API partnerships with GHG/Scope3 tracking platforms, benefiting from Suppeco's reach into companies further into the value chain. This together with the collaborative nature of the platform supports its ability to capture actual operational emissions data.
Pricing
- Price
- £25,000.00 to £96,000.00 a licence a year
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
-
Suppeco Core Free Trial Option for G-Cloud
Single Domain (e.g. acme.om)
Single Territory
Unlimited Users
Monthly Licence
The core free trial does not include API Integration, Bulk Import, AAD SSO or federated AAD user authentication. Suppliers number limitations apply.