Skip to main content

Help us improve the Digital Marketplace - send your feedback

SUPPECO LIMITED

Suppeco Contract Performance Management CPM

Supplier Relationship Management Cloud Software. Supplier Contract Management Cloud Software. Suppeco leverages the potential in relationships to solve key challenges facing the customer-supplier ecosystem

Features

  • Real time actionable insights and reports.
  • KPI Creation Suite and Database. KPI library.
  • Automated workflows for time and labour saving.
  • Central contract store and share for customer and suppliers.
  • Contracts and CSR audit compliance management.
  • Contracts performance and events Management.
  • All project and service real time narrative shown centrally.
  • API Orchestration layer for integration and ease.
  • Secure collaborative chat.
  • Easy instant secure, and targeted access for unlimited users.

Benefits

  • Live data to shows real time accurate performance.
  • Inhouse database, upload libraries, or create custom KPIs.
  • No need to log-in. Data regularly distributed to busy users.
  • No more old files. Contract/docs repository with dynamic update CTAs
  • Realtime CSR audit management, no more missed audits.
  • Enhanced value capture with narrative beyond KPI dashboards.
  • API/CSV import, export for easy people, supplier, data, onboarding.
  • Actionable insight cost reduction via time-to-action, time-on-task KPIs.
  • One simple omnichannel experience for all.
  • Self policing digital governance replaces static events based governance.

Pricing

£25,000.00 to £96,000.00 a licence a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sheldon.mydat@suppeco.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

2 6 8 2 8 0 4 0 0 6 4 6 7 8 5

Contact

SUPPECO LIMITED Sheldon Mydat
Telephone: 07912651940
Email: sheldon.mydat@suppeco.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
There are no service constraints.
System requirements
  • Requires that users have selected acceptable login-passwords.
  • If selecting SSO, users require an active AD profile.
  • Requires to be used with supported internet browsers.
  • Browsers must support HTML 5 or higher.
  • Requires users to have internet access.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Major incident - Target ID: 30 minutes. Resolution: 4 hours.
Incident - Target ID: 2 hours. Resolution: 2 business days.
Minor incident - Target ID: 1 business day. Resolution 5 business days.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
All screens and services inside the platform feature instant tutorials and guidance.
Suppeco provides an in-app Ask a Question service containing comprehensive FAQ categories.
Suppeco provides instant support via phone and email.
There is no additional cost for support.
Suppeco provides access to a cloud support engineer.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Training Material: We provide a range of standard materials and can also create bespoke training guides, manuals, and videos specific to an organisation’s use of Suppeco.
Training Sessions: We conduct a range of training sessions for all user types, focusing on how to navigate and utilise Suppeco effectively (Teach-Ins, Webinars, Blind Webinars).
Feedback Loop: We suggest to establish a regular feedback mechanism for users to report issues or suggest improvements (such as bi-weekly customer-success calls).
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
Video tutorials.
End-of-contract data extraction
Customers may have data removed and returned completely. Where a copy of such data is requested at termination or expiry of the subscription period, all data will be subsequently extracted and returned.
End-of-contract process
At the end of a subscription, the service will cease to function. Logins will not work.

At the end of a subscription we retain data in case its required as part of customer record retention obligations. Customer data may be removed completely and returned upon customer request. The provision of such data shall be subject to a fee in respect of the time incurred by us.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Suppeco is fully responsive for mobile and other devices. All devices (including mobile) support all functionality.
Service interface
No
User support accessibility
WCAG 2.1 AA or EN 301 549
API
Yes
What users can and can't do using the API
Suppeco is an Azure native cloud application and as such is built in line with an API first architecture. Due to a heightened sense of security, we have chosen to hide the API for additional connectivity (beyond those already offered in the orchestration layer) The JSON/Swagger API port is opened subject to meeting relevant security and usage requirements.
API documentation
Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Customer users can introduce branding (e.g. Logos)
Customer users can customise customer-supplier relationship infrastructures.
Customer global admin users can change branding.
Relationship manager users can customise customer-supplier infrastructures.

Scaling

Independence of resources
Suppeco uses SQL AI to monitor the performance of database indices, looking for areas of heavy usage/consumption; and diverts additional processing resources to areas of higher demand to maintain speed and efficiency at point of use.

Suppeco uses an SQL elastic pool to allow for dynamic scalability of resources.

Suppeco customers benefit from a multi tenanted architecture. As well as the increased security that this provides, all separate customer tenants can be configured individually in terms of processing power. A single customer can operate multiple tenants across designated territories, or can operate a single tenant.

Analytics

Service usage metrics
Yes
Metrics types
Suppeco provides service utilisation metrics across all modules. These are based on real time live data, showing levels of engagement by all users, both customer and supplier side. These are all provided in-app, and on-demand.

Additional reports are available upon request showing a range of usage statistics, such as data consumption, and traffic timelines.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Multi Tenant Data Storage, and Encryption Vault, Fine Grain Access.
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Certain types of front end data such as supplier lists, supplier categories, and In-supplier KPI lists and menus are exportable via pre-formatted excel files.
Other uploaded documentation can be downloaded (exported) individually.
Bulk or batch data can be exported simply by raising a support request.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Suppeco strives to maintain the availability of services. On occasion, there is a need to perform maintenance on services, and this may in exceptional circumstances require a period of downtime. We try to minimise any such downtime. Where planned maintenance is being undertaken, Suppeco will provide notification in advance through the agreed channels.
Approach to resilience
Suppeco is a native cloud, Azure hosted platform. Azure Storage retains multiple copies of customer data so that it is protected from planned and unplanned events, including transient hardware failures, network or power outages, and massive natural disasters. Redundancy ensures that any storage account meets its availability and durability targets even in the face of failures.

Let’s clarify though; storing multiple copies of customer data does not mean that data has been migrated to data centres in far off global locations and jurisdictions.

Locally Redundant Storage (LRS) replicates stored data three times within a single data centre in the primary region. LRS provides at least 99.999999999% (11 nines) durability of [data] objects over a given year.
Outage reporting
Suppeco provides a public service status page on its website.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Suppeco uses RBAC role based access controls.

In addition, because Suppeco is a multi tenanted SaaS application, the architecture is designed to segregate tenants and protect against cross contamination or interfacing of data across tenant channels.

Support channels are all managed on a per-tenant and role basis.

Building on the foundation of Role-Based Access Control (RBAC), Suppeco further fortifies its security posture and access control through comprehensive stakeholder mapping across its Four Pillars Infrastructure.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
QMS / Citation
ISO/IEC 27001 accreditation date
06/05/2022
What the ISO/IEC 27001 doesn’t cover
All areas of security policy and process are covered by the standard.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Suppeco is ISO27001 certified and complies with all security process and procedures. Suppeco undergoes regular compliance checks and audits.

Security process measures and details are elaborated within the Suppeco Security Briefing Paper: Making Value Measurable Suppeco Briefing v10.04.24 (subject to updates).

This can be provided on request.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Configurable Items are evaluated to determine any changes required and where and how those changes can/should be implemented whilst also determining how such change will impact the current state of the system.

We integrate early stages of Triage into the DevOps cycle, ensuring that there's a continuous feedback loop from monitoring back to change identification - keeping the process dynamic and responsive.
The following process applies:

Identification of required change.
Raise change request on DevOps.
Triage / Feedback.
Backlog prioritisation/ Feedback.
Agree change approach strategy.
Execution of change / Agile Feedback.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Suppeco follows the vulnerability and threat level guidance provided by
Azure security services.

We apply anything identified as critical (i.e. patches) within 24 hours.
Our information is provided from Suppeco's Azure Security Centre.

A weekly SQL vulnerability assessment provides visibility of our centralised platform security state. This includes actionable steps to resolve issues and enhance group centralised database security.

Also provides constant monitoring of our dynamic database environments, where changes are otherwise difficult to track and improve our SQL security posture.

We continuously monitor for suspicious activities with regular security audits to provide early detection and mitigation of potential threats.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Suppeco utilises Azure Security Centre to monitor for potential compromises.

Detailed vulnerability scans run across all services to assess for potential compromises. The services including all compromises are assessed for pass/failure and high/medium/low risk assessment status. This determines the response.

When we find a high risk compromise, response is immediate.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Users can report by email, in-app via Contact Support, or by phone.

Suppeco uses an ITIL standards approach to incident management. The incident management process flow follows the following steps:

Registration: Once an incident is detected and logged in the ITSM.
Assignment: Assign the incident to the appropriate resolution group.
Diagnosis: Process by which the incident resolution team investigates.
Resolution: When the root cause of the incident is found and fixed.
Close: Incident closure involves conducting a Post Implementation Review (PIR).
Suppeco provides incident reports by email, on request.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

Fighting climate change

Fighting climate change

A key Suppeco use case is its ability to support operational CSR/ESG audit compliance. Customers typically have visibility to their tier one suppliers; whilst 90% of the ESG footprint extends way beyond tier one - upstream in the supply chain. Suppeco has in place an orbit of API partnerships with GHG/Scope3 tracking platforms, benefiting from Suppeco's reach into companies further into the value chain. This together with the collaborative nature of the platform supports its ability to capture actual operational emissions data.

Pricing

Price
£25,000.00 to £96,000.00 a licence a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Suppeco Core Free Trial Option for G-Cloud
Single Domain (e.g. acme.om)
Single Territory
Unlimited Users
Monthly Licence

The core free trial does not include API Integration, Bulk Import, AAD SSO or federated AAD user authentication. Suppliers number limitations apply.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sheldon.mydat@suppeco.com. Tell them what format you need. It will help if you say what assistive technology you use.