Moore Stephens Insight Limited

ProActis procurement solution

Cloud-based SaaS, COTS (off the shelf) procurement solution covering Sourcing, Supplier Management, Contract Management, Supplier Network, Marketplace, Purchase to Pay, and Accounts Payable Automation. The Source-to-Pay solution allows buyers to select all or some of the modules to allow seamless transfer of information and process flows throughout the organisation.

Features

• Workflow driven, simple to use collaborative platform for sourcing
• Streamlined and engaging process for supplier management
• Central repository for contract management
• Collaborative portal with document upload for your supplier network
• Publish controlled content on Marketplace
• Control and simplify the buying process with Purchase 2 Pay
• Electronic transactions functionality with Accounts Payable Automation
• Managed service offering to manage initial data capture of invoices
• Real time reporting and intelligent auditing
• Purchasing history for procurement process improvement

Benefits

• Time saving with many modules driven by workflow
• Cost effective as solution is buildable to your needs
• Easy visibility of data, resulting in more informed decision making
• Flexibility: Scaled to fit you, not the other way around.
• Increase user adoption and utilisation with familiar user-friendly interface
• Less user responsibility: we provide experts for managed invoicing
• Peace of mind: know you are following the latest legislation
• Safe pair of hands with expertise on public procurement
• Security: ISO27001 certified, CyberEssentials+, registered Data Controller with ICO.
• Market leader and experienced implementation methodologies

£14,400 a unit a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@moore-insight.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

293158600803549

Contact

Antonia Martin
020 7952 4690
info@moore-insight.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: Releases are always deployed outside core hours, the intention always being to avoid disruption to services. Any potential disruption caused by upgrades will be communicated to Customers.
• System requirements:
  • Supported web browser (Chrome, Edge, Firefox, Safari)
  • Internet connectivity

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The Helpdesk operates from 9:00am until 17:30pm Monday to Friday (EU/UK/EST time) excluding Bank Holidays.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Proactis Project Consultants will provide post Go Live support for circa two weeks – the hypercare period. Once post Go Live support has been provided, a Proactis Account Manager will become the first point of contact for all commercial, contract and day to day matters; that are typically ‘non-support’ orientated. ; ; Ongoing support will be handled by a dedicated Proactis Customer Support team.; ; The Proactis Customer Support team offers a comprehensive technical support service for Proactis systems. It is a 2nd line support service to provide help and assistance to Customer System Administrators. This support is included as part of the subscription cost for the lifetime of the contract.; The priorities are linked to SLA's contained within the Proactis standard contract that controls response and resolution times according to the ticket priority level/severity.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Proactis has its own experienced Professional Services team who work on Customer implementations of the Proactis solution(s). The Proactis project team consists of two key roles that will become the ‘go to’ for the Customer during the project.; Project Manager – a dedicated resource that is available to ensure the smooth delivery of the project. They are the main point of contact for general progress updates, queries, and issues arising during the project.; The Project Manager will work closely alongside an Application Consultant who will be the main point of contact for the technical and functional requirements element of the project. They will facilitate the design workshops, configure the prototype configuration, support testing and build etc. They are the ‘subject matter expert’ for the project.; ; Our approach to training is based upon ‘Train the Trainer’ methodology. This has the dual benefit of ensuring a thorough understanding of the solution resides with the Customer and contains the cost.; As part of the implementation and on-going support in use of the system, Customers have access to a UAT version of their instance which can be used for testing as required.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: 1. Date to be agreed between Proactis and the customer as to the final extract of data. For customers who are hosted by Proactis, the first extract will be provided free of charge. Any subsequent requests for copies would incur additional fees. ; 2. Customer to provide an encrypted external drive to Proactis for the purposes of transporting data. It is highly recommended that the service used for this are either via private courier or requiring signature through normal mail processes. ; 3. Proactis will extract the customers’ data and provide it in the format of a standard database backup. The type and version of the backup would be informed at the point of extract. ; 4. Proactis will then return the data on the encrypted device to the customer and request that it is extracted and restored. The customer is responsible for the provisioning of the platform required to restore the data.
• End-of-contract process: The standard outline Exit Strategy is as follows: ; 1. Date to be agreed between Proactis and the customer as to the final extract of data. For customers who are hosted by Proactis, the first extract will be provided free of charge. Any subsequent requests for copies would incur additional fees. ; 2. Customer to provide an encrypted external drive to Proactis for the purposes of transporting data. It is highly recommended that the service used for this are either via private courier or requiring signature through normal mail processes. ; 3. Proactis will extract the customers’ data and provide it in the format of a standard database backup. The type and version of the backup would be informed at the point of extract. ; 4. Proactis will then return the data on the encrypted device to the customer and request that it is extracted and restored. The customer is responsible for the provisioning of the platform required to restore the data. ; 5. Once the customer has confirmed data is restored or after 14 days (whichever is sooner), Proactis will destroy all data relating to that customer. Further extracts will not be possible after this point.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: The Managed Service offering for invoicing support is optional and configurable based on your needs/volume of work. ; ; User interfaces can be configured based on user preferances/accessibility requirements and user roles.

Scaling

• Independence of resources: Proactis uses virtualisation and storage area network (SAN) technologies to deliver the solution to Customers. The environment is constantly monitored to ensure that there are no capacity issues. This includes monitoring of both the physical host and virtual machines to ensure CPU, network, memory and disk utilisation are not exceeding usage thresholds.; ; The infrastructure design allows us to add more capacity quickly and easily when required, with little or no impact on service availability. This may be via adding more CPU/Memory resource from the existing physical infrastructure or adding additional physical resources to the environment.

Analytics

• Service usage metrics: Yes
• Metrics types: We produce a daily resource report to look for any pattern in spike of usage that could require further investigation.
• Reporting types: Regular reports

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: ProActis

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can run reports and export directly from the system depending on the module they are in. This exports in csv or PDF format.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: As Proactis provides cloud-based software as a service (SaaS), a typical service level agreement would be server availability, or up-time. Availability of the Hosted System, excluding scheduled downtime shall be:; ; • 99.5% 7 days/week, 24 hours/day, 365 days/year.; ; Monitoring solutions are in place performing over 10 million checks a day across both our infrastructure and applications. Alert thresholds have been configured so should an application become unresponsive, key staff are notified via email and/or mobile phone within 3 minutes.
• Approach to resilience: The physical infrastructure used to run the full Source to Pay suite is hosted in the United Kingdom by hosting partner Redcentric plc, with whom Proactis has a strategic partnership. ; ; Redcentric’s data centres are located in Yorkshire (Primary) and Berkshire (Secondary). They manage the datacentres and look after the secure internet connectivity (such as security patching and firewall management) and the privately tenanted infrastructure Proactis products are built on.; ; Proactis is solely responsible for the data and information management. The applications are hosted within the Proactis purpose-built hosted infrastructure. This is completely segregated from internal Proactis systems, with access controlled and granted on the principles of least privilege.; More information is available on request.
• Outage reporting: Key staff are notified via email and/or mobile phone within 3 minutes.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: For all system related incident reporting and resolution, using secure, unique login details, users would raise a technical support ticket in the first instance using the online Proactis Support System.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus Isoqar
• ISO/IEC 27001 accreditation date: 13/12/2023
• What the ISO/IEC 27001 doesn’t cover: Not applicable
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: ISO9001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Proactis holds and works to the following standards:; ; • ISO 27001:2013 Information Security Management System (ISMS); • ISO 9001:2015 Quality Management System (QMS); • Cyber Essentials and Cyber Essentials Plus; • The solution is also annually attested against ISAE 3402 Type 1 control objectives; • Registered as a Data Controller with the Information Commissioner’s Office (ICO). Registration number: Z1093431; • Organisational and technical controls are in place to ensure GDPR compliance; ; Additionally, our hosting service provider has ISO 27001, ISO 22301, ISO 14001, ISO 9001, PCI Compliant Hosting Services, amongst others.; ; These standards are externally audited on an annualised basis to ensure compliance. These accreditations reflect that best practice is maintained across Proactis in every activity, from processes to security, traceability to accountability, thus ensuring that everything we do is to the highest possible standards.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All ProActis production systems are built around a principal of no single points of failure in the infrastructure and appropriate SLAs are in place to return to normal service and not prevent the provision of applications to Customers in the event of a loss of service to a particular office. In the event of catastrophic failure; earthquake, flood, national security event, there is capacity within the secondary data centre to provide the service.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: All ProActis production systems are built around a principal of no single points of failure in the infrastructure and appropriate SLAs are in place to return to normal service and not prevent the provision of applications to Customers in the event of a loss of service to a particular office. In the event of catastrophic failure; earthquake, flood, national security event, there is capacity within the secondary data centre to provide the service.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Data is backed up in encrypted format, to ensure data is independently restorable. These backups are tested weekly. In addition to this, we produce a daily resource report to ensure that the servers can deliver the software under loads they are experiencing but also to look for any pattern in spike of usage that could determine inappropriate actions are being undertaken for further investigation.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: For all system related incident reporting and resolution, using secure, unique login details, users would raise a technical support ticket in the first instance using the online Proactis Support System.; ; Alternatively, users can send an email at any time. The system will automatically log the case and respond with a unique case reference number.; ; Any tickets raised are managed in accordance with a priority which is initially set by the system and then updated and controlled by Proactis. The system is automatically monitored around the clock and issues are escalated to the relevant teams/individuals for investigation and remediation.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We will take a proactive, ‘one-team’ approach to minimising negative environmental impacts. This will begin via a structured collaboration programme, providing a channel for sustained engagement. At solution design workshops, we will jointly identify environmental objectives, opportunities for additional environmental benefits, and agree Social Value commitments. This will include creating a Risk Assumption Issue Dependency log, which will capture environmental risks/mitigations.; Reducing negative environmental impact also forms part of our own commitment to achieve Net Zero emissions by 2050, via our Carbon Reduction Plan and ISO 26000-aligned Corporate Sustainability objectives. They comprise measures that we implement across all operations:; • Implementing an Environmental Management System; • Energy conservation: Using low energy lightbulbs; renewable energy sources ; • Waste reduction: Recycling campaign (e.g. cartridges/batteries & via charities); digital resources; double-sided printing; avoiding single-use plastics (MI was recently appointed ‘Plastic Free Champion’ by Sheffield Action).; • Reducing emissions: Virtual meetings; encouraging public transport; Cycle to Work Scheme; Employee Electric Car Purchasing Scheme; Hybrid Working Policy (reducing office footprint by 66%).; • Reducing resource consumption: Procuring recycled products; purchasing locally; ecological cleaning products.; Education & training includes:; • Induction, with training on our Environmental Policy & Management System; • Environmental schemes, e.g. becoming ‘Plastic-free Champions’ ; • Workplace marketing/comms, driving behavioural change (e.g. recycling); • Travel campaign, requiring reporting on commuting and awareness of fuel/vehicle type.; Our Quality & Operations Manager is currently engaging with the Carbon Literacy Project to create a Carbon Literacy training programme, anticipated to be implemented in 2025.

  Tackling economic inequality

  Moore Insight are committed to supporting employees to upskill and climb the wage ladder through providing the best possible working environment and opportunities. Having been in business for almost 30 years, means that we know the importance of actively showing our staff how much they are valued for a productive and efficient team that translates into a high level of service for our clients. Therefore, we proudly maintain our Living Wage accreditation as well as being recognised by Great Place to Work as one of the UK’s Best Workplaces for Women 2023, one of the UK’s Best Workplaces in Consulting and Professional Services, and a Great Place to Work. ; With the help of the Living Wage accreditation, we will continue to recruit some of the most highly skilled consultants and employees for our business throughout any contract. We also commit to continuing to provide purposeful training and personal development courses to upskill our current employees.; Additionally, all staff receive two paid volunteering days per year to contribute to local/charity-based projects, facilitated by our employee volunteering software, Matchable. This enables staff to sign up to projects, segmented by skillset/geography, as well as assigning a monetary value to time/resource contributed for accurate measurement of impact, ensuring we are having a positive impact on the local community/economy.; As part of this contract, we would be offering our knowledge and expertise to local areas. At Moore Insight, each employee has two volunteering days a year to support the wider community. We currently use an online volunteering forum, Matchable, that allows you to focus on the locality of your volunteering as well as to specific skills and passions. The specific projects available allow employees to apply their skillset/experience to make a real impact.

  Equal opportunity

  We recognise Inclusion as a key theme and Moore Insight will commit to maintain the responsibilities set out in our Equality, Diversity and Inclusion policy throughout the duration of this contract. ; Moore Insight greatly values the individual contributions of all employees and recognises the value of diversity throughout the organisation. We have several key commitments within our policy that we will ensure to be maintained as part of any contract: ; • Ensuring terms and conditions of employment do not prevent disabled people from taking up new positions. ; • Train, develop, reward and promote on the basis of merit and ability; • New employees are asked to complete an equal opportunity monitoring form, ensuring we are able to monitor the breakdown of the workforce regarding information such as gender, age, ethnicity, disability etc.

  Wellbeing

  At Moore Insight, health and wellbeing is a key consideration throughout the organisation. Ways in which we establish this are below: ; We offer a Wellbeing Hour every month to every staff member. As part of Mental Health Awareness week in 2022 Moore Insight implemented the chance for employees to have an additional 60-minute break once a month to pursue activities that support their well-being. This is still in place as a standard benefit for all employees and most often includes extended lunch breaks, personal care, or classes relating to a hobby. This ultimately has reduced overall stress throughout the organisation, given staff more time to do something to be mindful, and care for their mental health. We would be happy to provide buyers with more details on this for you to implement within your organisations. ; Throughout any contract we will promote remote/flexible working. We allow up to 2 days a week working from home, not only does this reduce our overall carbon emissions, but also encourages a flexible working environment, enabling staff to fit their personal life around their work life.

Pricing

• Price: £14,400 a unit a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@moore-insight.com. Tell them what format you need. It will help if you say what assistive technology you use.