CIO-OFFICE LLP

Spend Analytics

Our Spend Analytics service answers the ‘Spend Cube’ questions; who is buying what, from whom and at what price, and provides the foundation for evidence based strategic procurement.

We provide a platform for spend management and strategic procurement. Our data driven approach demonstrates the change impact on your business.

Features

• Links to SAP and other external sources
• An easy to use Dashboard based user interface
• Keyword search
• Invoice level search features
• Payment term analysis
• Number of suppliers per category
• Geographical information
• Category and supplier spend
• Configurable reports and dashboards

Benefits

• Rapid deployment – Quick Win program
• View actual spend and suppliers
• High Value – Tail Spend – Pay Term alignment
• Line item “free text” analysis – high value phrase
• Analyse, identify and prioritize savings opportunities
• Create categories based on actual spend
• Establish health of invoicing / detail level provided
• Identify opportunities for behavioural change
• Consolidate, aggregate, improve

£3,000 a unit a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at roy.irvine@cio-office.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

354862660150608

Contact

Roy Irvine
07833207816
roy.irvine@cio-office.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: No service constraints
• System requirements: Standard javascript enabled web browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Email questions are provided with an initial response within 2 normal working days (9.00 am to 5.00 pm, Monday to Friday). Cases are prioritised according to business impact.; P1 - Service is unavailable and normal business cannot continue; P2 - Service performance compromised, some elements unavailable; P3 - Service fully available with workarounds; P4 - Service available but with cosmetic errors; ; Further response times are based on priority and complexity.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Specific support requirements are agreed and a technical account manager is identified at time of deployment.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We will support you through the provision of an initial discovery stage where diagnostic workshops will be carried out. A data transformation stage extracts PO & Invoice data to create the data warehouse. A calibration step processes the data to identify stop-words, calibrate word groups, assign GL codes and customer taxonomy. The data is also de-duplicated. Change control is applied to ensure data integrity. We will then configure your dashboard using standard views and creating any custom views that may be required by stakeholders such as Finance, Procurement teams and Category Leads.
• Service documentation: No
• End-of-contract data extraction: Data can be exported in MS Excel format.
• End-of-contract process: At end of contract all customer data will be returned to the client in the format provided. Dashboard access rights are withdrawn. All customer profile information is deleted. Customer data is deleted.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Pages are mobile aware. There are no operational differences.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: The initial 'discovery' stage identifies any custom data views required by the customer stakeholders. These are configured and made available by CIO-OFFICE and made accessible via the online dashboard.

Scaling

• Independence of resources: CIO-OFFICE use Microsoft's Azure platform to ensure that computational and storage resources can be scaled quickly to meet user demand.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Data at rest is stored within Microsoft's secure Azure cloud. Microsoft is recognized as an industry leader in cloud security. A defense-in-depth strategy protects data through multiple layers of security (physical, logical and data). This includes:; * Port scanning and remediation; * Perimeter vulnerability scanning; * Operating system security patching; * Network-level distributed denial-of-service (DDoS) detection and prevention; * Multi-factor authentication for service access.; ; Leveraging Microsoft's cloud platform ensures secure, scale-able and resilient hosting.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data is exportable by the customer in MS Excel format.
• Data export formats: Other
• Other data export formats: MS Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats: MS Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Service levels are agreed to reflect the requirements of individual customers. The Azure platform provides accessibility in excess of 99.95%.
• Approach to resilience: CIO-OFFICE use Microsoft's Azure Enterprise 365 E3 platform to ensure datacentre setup resilience. The platform provides availability in excess of 99.95%.; The setup utilises multiple layers of hardware redundancy, dynamic failover, multiple datacentres and service backup and restore.
• Outage reporting: Service outages are reported by email alert to a nominated customer representative or representatives.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access restrictions are inherent within the system and are managed via the system's administrative interface.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Security governance is approached in line with the requirements of ISO27001.
• Information security policies and processes: CIO-OFFICE follows security policies and processes in line with ISO27001. Information security is overseen at board level.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: CIO-OFFICE operate an Agile development lifecycle with defined sprint and release cycles. These are managed and controlled at board level.; All software changes are assessed for security impact prior to release with roll-back to previous release level if necessary.; ; Testing and development is done in specific environments and the maintenance of version control ; change management covers all operational processes and procedures. Changes take place with minimum of disruption to the service. All raised change requests are submitted to Change Management for approval. Approved changes are scheduled and proceed to completion.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: As the service is provided through the Azure platform, system threats and operational vulnerability are managed by Microsoft. The service is monitored using tools provided by Microsoft Azure and other service components.; ; Service vulnerability patches are RAG risk assessed on the basis of likelihood and impact, and deployed as soon as is practicable.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: CIO-OFFICE uses available monitoring tools to identify any potential compromise to the service, in line with industry best practice. After assessment, and if appropriate all users of the service will be notified by urgent email of a potential compromise. Any vulnerability will be addressed and patches applied. The service will only be suspended under extreme circumstances, where the assessment deems it appropriate.
• Incident management type: Supplier-defined controls
• Incident management approach: CIO-OFFICE have a defined incident management process in line with industry best practice. User identified incidents are reported by email and escalated to the appropriate service delivery point for resolution. The responsible Director will also be informed. Incidents are tracked from report to resolution with regular user updates by email and/or telephone as appropriate. The affected users will be notified by email on resolution.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  We will seek to deliver additional environmental benefits in the performance of the contract including working towards net zero greenhouse gas emissions. We will also influence staff, suppliers, customers and communities through the delivery of the contract to support environmental protection and improvement.
• Covid-19 recovery:

  Covid-19 recovery

  We will look to: Create employment, re-training and other return to work opportunities for those left unemployed by COVID-19, particularly new opportunities in high growth sectors. - Support people and communities to manage and recover from the impacts of COVID-19, including those worst affected or who are shielding. - Support organisations and businesses to manage and recover from the impacts of COVID-19, including where new ways of working are needed to deliver services. - Support the physical and mental health of people affected by COVID-19, including reducing the demand on health and care services. - Improve workplace conditions that support the COVID-19 recovery effort including effective social distancing, remote working, and sustainable travel solutions.
• Tackling economic inequality:

  Tackling economic inequality

  We will look to: - Create opportunities for entrepreneurship and help new, small organisations to grow, supporting economic growth and business creation. - Create employment opportunities particularly for those who face barriers to employment and/or who are located in deprived areas. - Create employment and training opportunities, particularly for people in industries with known skills shortages or in high growth sectors. - Support educational attainment relevant to the contract, including training schemes that address skills gaps and result in recognised qualifications. - Influence staff, suppliers, customers and communities through the delivery of the contract to support employment and skills opportunities in high growth sectors.
• Equal opportunity:

  Equal opportunity

  We will look to: - Demonstrate action to increase the representation of disabled people in the contract workforce. - Support disabled people in developing new skills relevant to the contract, including through training schemes that result in recognised qualifications. - Influence staff, suppliers, customers and communities through the delivery of the contract to support disabled people. - Demonstrate action to identify and tackle inequality in employment, skills and pay in the contract workforce. - Support in-work progression to help people, including those from disadvantaged or minority groups, to move into higher paid work by developing new skills relevant to the contract. - Demonstrate action to identify and manage the risks of modern slavery in the delivery of the contract, including in the supply chain.
• Wellbeing:

  Wellbeing

  We will look to: - Demonstrate action to support the health and wellbeing, including physical and mental health, in the contract workforce. - Influence staff, suppliers, customers and communities through the delivery of the contract to support health and wellbeing, including physical and mental health. -Demonstrate collaboration with users and communities in the codesign and delivery of the contract to support strong integrated communities. - Influence staff, suppliers, customers and communities through the delivery of the contract to support strong, integrated communities.

Pricing

• Price: £3,000 a unit a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at roy.irvine@cio-office.com. Tell them what format you need. It will help if you say what assistive technology you use.