4C Associates Ltd

Spend Management

Spend Analytics powered by AI, combining procurement expertise and machine learning for more reliable data visibility. Identify savings opportunities and compliance risks. Savings tracking software. PMO. Management Information. Dynamic reporting. Highly configurable.

Features

• Complete suite of operational procurement KPI's with best-in-class reports
• Configurable to reflect your businesses governance processes
• Translate spend data into savings - budget, forecast & actual
• Combines domain expertise and machine learning
• Integrate data from several sources into a single unified view
• Contract meta data extraction adds texture & context to analyses
• External benchmark data compares spend to similar organisations
• Service delivered through secure browser
• Rapid implementation and project load features delivering visibility, faster
• Manages projects through the entire life-cycle, handling all projects types

Benefits

• Delivers visibility, faster. Resulting in less time reporting
• Reduces uncertainty about benefits, their budget impact & phasing
• A single source of the truth supports good governance
• Embedded methodology to reduce training time required
• Procurement & Finance can work hand in hand
• External benchmark data compares spend to similar organisations
• Control your spend and identify benefits
• Manage risks and compliance of 3rd party spend
• Manage spend visibility across multiple ERPs or diverse departments
• Bring the power of Big Data to your procurement operations

£23,625 to £52,650 an instance a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at darren.blackburn@4cassociates.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

289705335483904

Contact

Darren Blackburn
+44 7790 883700
darren.blackburn@4cassociates.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: We offer industry standard SLAs for availability, up time and issue resolution
• System requirements: Chrome, IE, Firefox and Safari browsers supported

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Level 1 – Critical, System-wide failure. ; Response within 30 minutes. ; Fix 4 hours; Level 2 – Non functional or producing errors. ; Response 30 mins. ; Fix 72 hours; Level 3 – Low, Advice/Enquiries. ; Response 30 mins; Fix 40 hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide a single level of user support for our applications.; Any additional service wrappers are agreed between the parties
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite & Online training is provided
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: At end of contract the clients data is provided as a zip file of all tables
• End-of-contract process: Provision of client data is included within the service costs. Any additional services are agreed between the parties

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile UI layouts defined and delivered to mobile devices
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: A web app with web forms.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We have not carried out any testing.
• API: No
• Customisation available: Yes
• Description of customisation: Standard views & navigations are provided.; Views, Charts are configurable to meet the clients specific needs

Scaling

• Independence of resources: Load balancing

Analytics

• Service usage metrics: Yes
• Metrics types: Users; User logins by period
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: All visuals have an export to Excel feature
• Data export formats:
  • CSV
  • Other
• Other data export formats: Excel
• Data import formats:
  • CSV
  • Other

Data-in-transit protection

• Data protection between buyer and supplier networks: Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network: Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: 99% planned availability
• Approach to resilience: We use Microsoft's SharePoint Online. Please see this link on their Data Resiliency: https://docs.microsoft.com/en-us/office365/securitycompliance/office-365-sharepoint-data-resiliency
• Outage reporting: Public Dashboard; User email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Only our partners at CenCom Solutions would have access to these types of tool.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We have policies that cover: ; Information Security; Data Backup & Privacy; Data Protection & Data Protection Breach; Onboarding, Change and Leavers; Logical Access; Business Continuity
• Information security policies and processes: We have an Information Security Policy in place (this can be provided).; ; The Head of Development is the designated owner of the Information ; Security Policy and is responsible for the maintenance and review of the Information Security Policy, processes and procedures.; ; Heads of Department are responsible for ensuring that all staff and employees, contractual third parties and agents of 4C are made aware of and comply with the Information Security Policy, processes and procedures.; ; 4C’s auditors will review the adequacy of the controls that are implemented to protect 4C’s information and recommend improvements where deficiencies are found.; ; All staff and employees of 4C, contractual third parties and agents of 4C accessing 4C’s information are required to adhere to the Information Security Policy, processes and procedures and information security measures included in the Employee Handbook.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We operate with a partner (CenCom Solutions Ltd) who manage our IT infrastructure and support. Their service desk operated under ITIL principals.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We use GFI Languard to ensure all systems are kept up to date in terms of software and patches. Critical and recommended patches are installed automtically, Those for functionality would be applied after monthly review. And systems which do not apply the patches automatically create help desk requests and are resolved.; ; The Power BI service is built on Microsoft Azure, which means that it benefits from the Azure platform’s robust security technologies. The multi-pronged threat management approach protects it by using intrusion detection, DDoS attack prevention, penetration testing, data analytics, and machine learning to strengthen its defence and reduce risks.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: This is managed by CenCom who professionally manage all 4C's IT infrastructure. Event logs recording user activities, exceptions, faults and information security events are reviewed daily on all servers to ensure there are no brute force or other security alerts and every 15 minutes to ensure firewalls and security software is running and working. CenCom maintain shadows on all shared drives going back at least 7 days for recovery of deleted data.
• Incident management type: Supplier-defined controls
• Incident management approach: CenCom Solutions manage the systems and are alerted to malicious attempts to access data, out of date systems and malicious outbreaks, these are then analysed and resolved. Additionally, the Office 365 reports for security incidents are reviewed.; ; We have a Data Protection Breach Policy in place.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Covid-19 recovery
  • Equal opportunity

  Covid-19 recovery

  Covid-19 recovery; ; 4C Associates actively supported the UK with Covid-19 recovery. We delivered multiple successful engagements. In the early stages of the programme, when governance processes were limited, our team faced the challenge of navigating public procurement rules without clear lines of authority or established processes. Despite this hurdle, we proactively engaged in problem-solving, utilizing our collective expertise to effectively manoeuvre through the complexities of procurement within an uncertain framework. Furthermore, the constantly evolving nature of the programme demanded a high level of responsiveness. We consistently adapted to changing demands and forecasts, recognizing the significant impacts that developments such as vaccine advancements and the introduction of lateral flow products had on procurement and sourcing activities. Our ability to swiftly adjust strategies and priorities ensured that we remained agile in our approach to procurement, enabling us to meet the dynamic needs of the programme. Despite the diverse backgrounds within our team, including many members without extensive experience in the public sector, we demonstrated a progressive attitude towards problem-solving. Embracing the highly flexible working environment, we fostered innovation, developing new strategies and approaches to address challenges that had not previously been encountered. Our team's adaptability and willingness to explore unconventional solutions have proven invaluable in overcoming obstacles and driving progress. Collaboration has been integral to our success within the Test and Trace (T&T) programme. Comprising civil servants, interim contractors, and consultants, our team operates cohesively towards a common goal. By working hand in hand, we leverage the diverse skills and perspectives within our team, maximizing efficiency and effectiveness in delivering the T&T programme for the nation. Our collaborative ethos fosters synergy and ensures alignment towards achieving shared objectives, underscoring our commitment to excellence in execution and delivery.

  Equal opportunity

  Equal opportunity; ; At 4C, we have a commendable history of recruiting individuals with disabilities, and we take immense pride in our collaborations with esteemed organizations such as the Shaw Trust and Workzone to cultivate effective disability outreach programs. As part of our commitment to inclusivity, we outline the following initiatives for this contract: Firstly, we pledge to conduct Disability Confident Job Fairs at Ministry of Justice (MoJ) offices and local educational institutions, ensuring a minimum of one job fair per quarter commencing January 2024, following agreement on the Social Value (SV) plan. Secondly, we commit to active participation in or financial contributions to community events organized by disability charities, aiming to raise awareness about opportunities for disabled individuals. We aim to engage in a minimum of two such events annually throughout the contract period. Moreover, we address stigma and perception surrounding mental health issues by supporting initiatives like Mental Health Week and World Mental Health Day. We organize topical talks featuring guest speakers and allocate time for employees to focus on their mental well-being. For instance, recent sessions included speakers such as Wendy Gibson, a TED Talker, former Team GB Paralympian, motivational speaker, and counsellor. We will organize a minimum of two similar sessions per year for the contract workforce. Lastly, we ensure inclusivity in job postings and adjustments at interviews. All vacancies on the contract will be advertised in an inclusive and accessible manner, with postings on dedicated platforms. We offer necessary adjustments and accessible technology to ensure interviews are comfortable for individuals with disabilities, a practice consistently upheld throughout this contract. Through these initiatives, we reaffirm our commitment to fostering an inclusive environment and providing equal opportunities for individuals of all abilities.

Pricing

• Price: £23,625 to £52,650 an instance a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Limited users; Limited time period; available on request; ; A fully featured demo version is available for evaluation

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at darren.blackburn@4cassociates.com. Tell them what format you need. It will help if you say what assistive technology you use.