QUADIENT UK LIMITED

Quadient AP Automation

Quadient AP Automation is an accounts payable automation company trusted by financial professionals worldwide to help them reduce manual data entry, cut costs, eliminate risk, and enable remote work.

Features

• Invoice Automation
• Purchase Orders
• Expenses
• Mobile
• Payments

Benefits

• Better Control over the AP Process and Workflow
• Reduce manual uploading / importing of invoices and eliminate paper
• Eliminate delays and late payments in your AP process
• Control Spend
• Reduce Cost - Eliminating data entry
• Reduce Risk - Reducing Fraud, generated digital audit trails
• Empower remote teams through online approvals and payments

£227 a unit a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids.uk@quadient.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

328033407149928

Contact

Adam Smith
07725 826750
bids.uk@quadient.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: There maybe limitations on how we integrate with an specific ERP.
• System requirements:
  • Chrome
  • Firefox
  • Microsoft Edge
  • Safari

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Average response time is 2.5 hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Intercom's web chat is compatible with screen reader software applications that allow visually impaired users to read text that is displayed on their computers. Together with keyboard navigation, providing full support to screen readers was crucial to making our Messenger accessible.
• Onsite support: No
• Support levels: SLA agreements include 2hr,4hr,8hr & 16hr.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: New customers will be assigned a Customer Service Manager who will work directly with the customer to quickly setup and configure their instance of Quadient AP. The CSM will assess the customers current accounts payable process and approval processes in order to transform that processes to a seamless and automated experience within Quadient AP. Once the customers instance is configured, the CSM will schedule a training session with key users within the accounting team and the organization so that those individuals are fully versed with the application before they go live.
• Service documentation: Yes
• Documentation formats: Other
• Other documentation formats: Weblinks
• End-of-contract data extraction: Customers can generate PDF Reports of transactional data within Quadient AP to retain for their own purposes.
• End-of-contract process: As per terms of service a customer is required to provide Quadient AP with 60 days cancellation notice. Once this notice has expired the customers account becomes deactived and no user will be able to log in to access their data.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems: Other
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: To be defined
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Quadient AP is accessible through a direct login accessed through a Web Browser. The service provides access to various modules such as the Purchase Order, Invoice and Expense modules and system administration settings. There are various roles which can be assigned to users, each role gives a user access to preform certain actions and access different modules within the application. User's can be restricted to certain Organizational Units (typically Departments) to further restrict what transactional data the user has access too. Roles and Organization Unit access is manage by the customer's System Administrators.
• Accessibility standards: None or don’t know
• Description of accessibility: No Information Available
• Accessibility testing: No Information Available
• API: No
• Customisation available: Yes
• Description of customisation: Buyers can customize their Purchase Orders to include their logo, shipping and billing address and terms and conditions.

Scaling

• Independence of resources: Our solution is built from the ground up with a focus on reliability. We use multiple regions, as well as load balancers and auto scaling resources to handle increases and decreases in workload.

Analytics

• Service usage metrics: Yes
• Metrics types: Customers have access to User Performance, Aging Invoice Approvals, Avg Time to Code and Invoice, Avg to Time to Pay an Invoice, Avg Approval an Invoice. The Dashboard Module is available to customers at a fee.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Transaction data is exported to their ERP via API, SyncTool or CSV. ; Transaction reports can be generated in PDF
• Data export formats: Other
• Other data export formats: PDF
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: Quadient AP needs to receive accounting and other data from the customers ERP. Depending on the ERP in use, the export of this data from the customers ERP will either be via an encrypted API connection, or via the Quadient AP SyncTool, which facilitates the data using an encrypted SFTP connection, or else via a manually configured SFTP connection. Quadient AP CSMs will be able to provide more information and help to configure the secure connection depending on what ERP the customer is using.
• Data protection within supplier network: Other
• Other protection within supplier network: Data is encrypted in transit and at rest, and is logically separated and available to the client upon request. We employ a multitude of defences such as firewalls, intelligent threat detection software which monitors all cloud resources including newly created resources, a distributed antivirus which scans all inbound files, and automated policy management and violation detection.

Availability and resilience

• Guaranteed availability: We do not have a specific uptime SLA, however our resilient and autoscaling infrastructure design and processes mean that outages are exceedingly rare.
• Approach to resilience: All data and resources are hosted in multiple geographic locations ("Availability Zones").
• Outage reporting: We communicate outages directly with customers.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Quadient AP has built in Role-Based Access Control (RBAC)
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alumnus ISOQAR
• ISO/IEC 27001 accreditation date: 22/11/2019
• What the ISO/IEC 27001 doesn’t cover: The protection of all Quadient UK Limited information and data assets for the delivery of core activities surrounding the provision of a range of communication and data capture solutions in accordance with the Statement of Applicability version 1.0
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We employ a framework of policies which dictate which resources should be used, how they can be used, and which employees and contractots have the ability to them. Our security governance program also enforces rules dictating how individual resources are secured to detect and prevent malicious activity or misuse by malicious actors.
• Information security policies and processes: We have documented corporate security policies and processes such as Security Policy, Incident Management Policy, and Acceptable Use Policy, which employees are required to agree to and follow.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We follow an agile process and enter new sprints every two weeks to work on the highest priority identified issues.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: We have periodic vulnerability testing, as well as conducting annual penetration tests. We use a distributed antivirus which scans all inbound files, and automated policy management and violation detection.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use Intelligent Threat Detection software to proactively monitor all changes to our environments, and automatically notifications when anomolous or potentially malicious behaviour is detected. We also monitor network traffic for malicious inbound and outbound traffic, which is integrated with our alerting system. We also proactively monitor for potential misconfigurations, for example changes to our firewall which allow new access to the internet, and our security team is alerted in these cases for further investigation.
• Incident management type: Supplier-defined controls
• Incident management approach: We are aligned to the NIST Incident Handling Guide and have a documented process for handling incidents, including specific actions during the Identification phase, Containment phase, Eradication phase, Recovery phase, and Lessons learned phase. All incidents are fully documented and if customer data is breached, we communicate with affected customers within 72 hours.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Quadient reached the EcoVadis Platinum status and is in the top 1% of companies in its industry category. The recognition of Quadient’s performance is the result of the company’s best-in-class policies and practices, notably in the fields of climate change, circular economy, employees health & safety, flexible work conditions (e.g., remote work, flextime), protections for gender diversity and the implementation of an ethics reporting line.; Every year Quadient measures its carbon footprint according to the GHG protocol methodology, with the results being published in our registration document. These results take into account all the emissions linked to the energy consumption on our sites, business trips of our employees, and downstream and upstream goods that are transported. Emissions linked to the energy consumption of our products when used by our customers are also considered.; Quadient has accelerated its efforts in the past year to define a low-carbon strategy with set targets and initiatives. To this end, the company announced its commitment in 2021 to the 2015 Paris Agreement, aimed at contributing to limiting average global warming.

Pricing

• Price: £227 a unit a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids.uk@quadient.com. Tell them what format you need. It will help if you say what assistive technology you use.