THINKING MACHINE SYSTEMS LTD

Telco Machine (Telecom Expense Management)

Telco Machine is a new breed of Telecom Expense Management that sits at the cross-section of Cost Savings & Expense Management services.

It holds patented technology for integrating analytics between contracts and invoices, automating cost saving identification and simplifying reporting of complex services.

Features

• Integrates invoices from diverse suppliers, services, geographies, into master invoice
• Automated identification of cost saving opportunities with detailed recommendations
• Embedded real-time audit service identifying supplier billing errors
• Very little integration requirements - offers full functionality from PDFs
• Automated dashboard creation from PDF invoices
• Automates manual tasks for complex service reporting
• Benchmarking database of all UK/EU Telco suppliers
• Translate written word of contracts to the line item expenses

Benefits

• Generates immediate savings of 10-15% from existing contracts
• Generates year-on-year savings of 10-15% from existing contracts
• Negotiate cheaper contracts by 15-20%
• Save time by automating data preparation and report creation
• Create new supplier management capability with a single global invoice

£2,000 to £100,000 a licence a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Richard@thinkingmachine.co. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

320362995653136

Contact

Richard Martin
07366195591
Richard@thinkingmachine.co

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Our standard deployment utilises private cloud with robust data security policies and end-to-end data encryption. A custom deployment, such as on-premise, can be scoped as required.
• System requirements:
  • Consistent internet access
  • Browsers, e.g. Edge / Chrome / Firefox

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Basic support is provided at a 12x6 level. Responses can be expected within 4 hours.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Two support levels are provided: ; 12x6 (included in base cost); 24x7 for an additional £500 per month; ; Dedicated account managers are provided as part of the base cost.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide live virtual training for all Primary users up to half a working day. User documentation made available to all users.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: They are provided a manual extract to a nominated stakeholder.
• End-of-contract process: Clients may receive full extracts of their data by the end of the contract, with any further reports as may be required. Evidence can be shown of client data being purged at the termination of the contract. ; ; Any further services, like porting data to another platform, will be billed at SFIA rates.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Users access a web portal which presents them with various reporting, analytic dashboards, recommendations for cost-saving actions, and action trackers.
• Accessibility standards: None or don’t know
• Description of accessibility: Users can:; * Interact with analytic dashboards; * View and download reports as PDF; * Approve or reject suggested action items
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: We consult with our users on their API requirements and establish the API according to their requirements.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Users may customise their reporting structures, such as creating cost centres or configuring reports to display particular dimensions. Customisation is available for all Primary users, however administrators may request to further refine access levels according to user roles.

Scaling

• Independence of resources: We use an elastic demand arrangement with our current cloud provider Azure, which will be maintained for any future cloud provider we may use. Customers are also provided standard SLAs we will adhere to within the base cost.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Standard exports are available via Excel, PDF, Powerpoint
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XLSX
  • PDF
  • PPT
• Data import formats:
  • CSV
  • Other
• Other data import formats: Custom tables made available on the portal

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: TMS will perform its agreed function when required and is calculated and reported on a monthly basis. Standard SLA for availability is 99.5%; ; • Failure to meet SLAs for 2 Consecutive Months results in 3% credit of the 2nd month's Monthly Service Fees; • Failure to meet SLAs for 3 Consecutive Months results in 5% credit of the 3rd month's Monthly Service Fees; • Failure to meet SLAs for 4 Consecutive Months results in 10% of the 4th month's Monthly Service Fees, and any additional months until TMS is back in compliance
• Approach to resilience: TMS leverages best-in-practice tools and platform. TMS primarily uses Azure infrastructure with regular Microsoft consultancy to ensure an optimal configuration.
• Outage reporting: Email alerts are sent to all affected users with appropriate lead-times given for scheduled events.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Multiple access layers are used to control access. All users (Primary & Limited) are provided credentials to the TMS portal, which can be further refined using RLS (Row Level Security) to restrict access to certain reporting features as well as management features. Customers may nominate further access definitions during deployment.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We have implemented an operational model that demonstrably shows data handling is performed in a tightly controlled environment with breaches reported on immediately, with end-to-end encryption applied for incoming / outgoing data. ; ; We have a robust understanding of the standard data we handle and where it falls in line with DPA / GDPR regulations. While the majority of data we handle is sensitive not personal, we have processes in place to identify any unexpected data fields.
• Information security policies and processes: We have a information security policy that is delivered to all current and future staff. Should any breaks of policy occur, there is a defined set of processes for managing the non-compliance in an appropriate way.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: TMS has documented processes managing each aspect of configuration & change management (enhancements, bug fixes, changes). We are committed to ensuring that activities can be undertaken in a controlled and efficient manner, where changes are tested in pre-production environment including multiple security tests such as assessment, vulnerability, penetration, compliance testing. Further security tests are performed once changes are made into the production environment.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: • Annual third-party vulnerability scans and penetration testing; • Monthly internal vulnerability scans using IDS/IPS tools; • Utilises latest AWS environment to provide services; • Servers are up-to-date with vendor OS and application patches, utilising automatic patching and regular checks to ensure patches are up-to-date
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: TMS uses AWS monitoring tools for compliance tracking or identifying unusual behaviour at different points of data transfer and network connectivity. Where potential compromises are identified, they are reviewed immediately with defined response categories depending on the severity. TMS will notify impacted customers as soon as practical after a security event or breach (1 - 2 calendar days).
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: TMS incident management process includes documented maps and process diagrams to describe the incident management process, RACI for role and responsibilities, KPI's to control the effectiveness of processes, and standard operational procedures for using this information.; ; Customers are able to report incidents directly to TMS at any time, and can request incident reports at any time via TMS support.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  N/A; ; Our service indirectly supports sustainability and social good through efficient generation of added time and financial resources that our customers can choose to put towards sustainability and social good objectives.
• Covid-19 recovery:

  Covid-19 recovery

  N/A; ; Our service indirectly supports Covid-19 recovery through efficient generation of added time and financial resources that our customers can choose to put towards additional human resource or sustaining current employment levels.
• Tackling economic inequality:

  Tackling economic inequality

  N/A
• Equal opportunity:

  Equal opportunity

  N/A
• Wellbeing:

  Wellbeing

  N/A

Pricing

• Price: £2,000 to £100,000 a licence a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We'll produce a free summary report highlighting your cost savings potential. ; ; The summary report is based on analysing your contracts and invoices to identify accurate cost savings figures. ; ; This report is used to align internal stakeholders on the cost saving opportunities available.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Richard@thinkingmachine.co. Tell them what format you need. It will help if you say what assistive technology you use.