Advanced Business Solutions

Purchasing (formerly “Cloud Marketplace”)

A cloud-based, fully managed eCatalogue marketplace and transaction hub that can be enabled via punch-out with customer ERP/Finance/P2P systems, or by utilising the electronic requisitioning module featuring highly flexible workflows and goods receipting. Buyers can leverage the existing and extensible supplier network to trade electronically and manage their spend effectively.

Features

• Fast easy to use and intuitive user interface
• Unique fully managed supplier enablement service
• Over 30 million products; rich data consistently classified and enhanced
• Accurate data feeds into order process
• Complete control on suppliers and product visibility
• Scalable; incorporates all free text as well as catalogue suppliers
• Modular system fits into your existing business system landscape
• Highly flexible requisition workflows seamlessly integrated from eCatalogue
• Flexible eGRN capability, includes returns and adjustments
• Tolerance based, automated invoice pre-matching and analytics

Benefits

• Rapid adoption and ongoing compliance deliver year-on-year savings
• High quality data that is always fully up-to-date
• Meaningful comparison, best purchasing decisions, accurate orders, meaningful spend analysis
• Accurate budget commitments, massive reduction in mismatched invoices
• Contract compliance and efficiency savings
• Maximise supplier reach and support return of e-procurement implementation investment
• Leverage your existing IT investment, flexibility as business requirements change
• Matching rates as high as 97%; faster payments, efficiency gains
• Single integration point from finance system but flexibility for suppliers
• Facilitate supplier rationalisation and category management through spend analytics

£28,490 to £37,960 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidmanagementteam@oneadvanced.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

359695945380693

Contact

Bid Support
0330 343 8000
bidmanagementteam@oneadvanced.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: The Purchasing solution can be deployed to customers in different ways. It is commonly integrated into a finance system to provide an online eCatalogue and transaction hub. However, it can also be used standalone with our eRequisitioning module (an optional module available within this service).
• Cloud deployment model: Hybrid cloud
• Service constraints: The solution is deployed to users via web browsers. We use responsive techniques in UX design to allow pages to be viewed in variety of form factors (e.g. desktop, mobile, tablet) and our developers use a number of different platforms in building the product. Our Browser Support Policy is updated every quarter and modern versions of Internet Explorer, Firefox, Chrome and Safari are all fully supported. Releases are deployed on weekday evenings (Monday – Thursday) after 6:30pm, and the maximum downtime duration is 1 hour. Customers are notified of downtime by e-mail with a minimum of 48 hours notice provided.
• System requirements:
  • Add URL to browser trusted site list for optimal performance
  • Modern version of Internet Explorer, Firefox, Chrome or Safari

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Priority 1 - Target within 1 hour; Priority 2 - Target within 4 hour; Priority 3 - Target within 8 hour
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support is provided around a priority and escalation system. When an incident is reported, a priority level is established based upon the information provided, understanding business impact is essential. Target service levels and response times are assigned based on an initial appraisal of the problem but can be revisited at any time by the client. The escalation procedure is designed to progress each call as efficiently as possible. SLAs are in place for escalations beyond support into the development and professional service teams.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: As part of our evolving platform strategy we utilise a Product-Insight platform on our SaaS portfolio. Not only does it allow in-app notifications and walkthrough guides to improve the user experience but it allows our development teams to understand product adoption, and gather measurable feedback on developments. This also supports a Resource Centre, where up to date user guides that cover all areas of the application are accessible for users. As new enhancements are released, the resource centre will be updated, and tool tips, feature notifications and in-app walkthrough guides are used to show users how to access and benefit from the new features.; We should of course also make clear that the vast majority of end users are able to use the system successfully without any specific marketplace training. Importantly, we work closely with our key central contacts from each Customer organisation post Go Live, to ensure both that the terms of the contract and SLA are met, and to deliver an agreed success plan to drive adoption and ongoing usage by the end user community. Advanced also facilitate introductions and collaborations between new and existing customers via events and User Groups, to which our customers are all invited.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Swagger
• End-of-contract data extraction: We have an established exit management process in place to retire customers. The aim would be to work closely with the client to enable a smooth and secure transition during exit so the process covers both transactional wind down and data migration. Note that following termination, the customer would as standard have no further access to the solution, or their historical data. Prior to that point, the customer will be able to save details of their transactions from the system if required. Please note however, that whilst Advanced facilitates electronic trading between Buyer and Supplier organisations, the solution is typically deployed such that all key data is already transferred to the ERP through business as usual activity. In a typical configuration, all purchase orders sent out by Advanced will already have been authorised by, and exist within the ERP. Similarly, all electronic invoices which pass the Advanced pre-match will have been made available to the ERP to pull down and process for payment. And additionally, all user logins/details created by the Buyer within the system will be for members of staff who are already recorded within the Buyer’s systems etc.
• End-of-contract process: We have an established exit management process in place to retire customers. The aim would be to work closely with the client to enable a smooth and secure transition during exit so the process covers both transactional wind down and data migration. Note that following termination, the customer would as standard have no further access to the solution, or their historical data. Prior to that point, the customer will be able to save details of their transactions from the system if required. There is no additional cost to the customer for saving details of their historical transactions from the system.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The solution is deployed to users via web browsers. We use responsive techniques in UX design to allow pages to be viewed in a variety of form factors (e.g. desktop, mobile, tablet) and our developers use a number of different platforms in building the product. All key functions will be available across all supported browsers irrespective of the screen size.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The service interface is deployed to users via web browsers, through which end users, super users and organisation administrators can manage all the functions relevant to them.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: The system is designed to support accessibility for all types of users. All common user interface functions in the Science Warehouse solution are designed and developed to satisfy WCAG 2.0 AA. Consequently the site should be compatible with the majority of common accessibility tools, including but not limited to screen reading tools.
• API: Yes
• What users can and can't do using the API: The API provides secure, standards-based integration with modern finance and ERP systems through REST/JSON. The API enables accurate and timely data transfer between your system and Advanced, providing end users with an optimal and controlled procurement environment. All calls are initiated by the buyer system and a range of actions are available, e.g. POST, PUT, GET, PATCH, DELETE. Authorisation for the API is controlled via OAuth2 tokens. Documentation is provided to customers through Swagger.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Advanced provides a flexible modular solution that can be customised in different ways ranging from the modules that are licensed, or made available to business units or users, integration methods, the suppliers that are connected, the workflows that are configured, the branding of the screens etc. Control exists at three levels - end users would be able to select some personal preferences (e.g. the ordering of solution elements on their homepage, or the Buyer Insight reports that are displayed there), considerable control would be divested to specific administrator users within customer accounts, and some by Advanced's implementation and support teams. All customisation by customers would be managed through their user interface.

Scaling

• Independence of resources: Our solution is a web-based SaaS. As such we use a load-balanced server cluster which has been load tested to handle significantly more concurrent user activity than we currently experience. We have a capacity planning strategy that monitors and maintains the level of redundancy desired and the majority of the system is provisioned on elastic infrastructure that can be scaled quickly if required.

Analytics

• Service usage metrics: Yes
• Metrics types: Service metrics are available from within the system covering user activity (search actions performed etc) in addition to business transactions. Infrastructure is monitored in real time with proactive monitoring ahead of agreed thresholds being breached, whereby incident management action is triggered.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Multiple interfaces are available for users to extract their data. Core transactional data, such as purchase order and invoice details, can be extracted through the user interface, as can supplier catalogues, price files and price change reports, and a host of other management information. Access to export data is restricted according to user permissions and the location of user accounts within the organisational hierarchy. Data can also be exported directly into other systems through the API.
• Data export formats:
  • CSV
  • Other
• Other data export formats: XLS
• Data import formats:
  • CSV
  • Other
• Other data import formats: XLS

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Buyers can connect via HTTPS to our website. Once the connection reaches the load balancer, traffic is sent to the HTTPS protocol and after this all network communication is performed within a virtual private network with no external access. Alternative communication mechanisms have also been deployed with specific customers, whilst ensuring that appropriate data protection mechanisms are always in place. We also expose API's that allow buyers to communicate with our system - and which are protected by Oauth2 tokens.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Once data is within the network, HTTPS is used to connect all services within the VPC, and all services are protected by security groups to reduce the access to only the load balancer for that service. VPC's are also protected by network access control lists for both in- and outbound traffic to ensure access is tightly controlled. Data that is transferred via AWS services such as kinesis or SQS, utilises assumed roles for specific services, again to ensure access is securely locked down.

Availability and resilience

• Guaranteed availability: Minimum 99.7% (Based on Monday to Friday - 8 - 6pm, excluding public holidays)
• Approach to resilience: All services are distributed over 2 out of 3 availability zones within AWS and served via load balancers to ensure resilience of the network. Each service is monitored by an auto scale group such that if a service was to go down the auto scale group will start up a new instance, ensure the system effectively self heals. All services use immutable infrastructure to ensure that termination of a virtual machine does not matter. Our database contains 2 instances, a writer (master) node and a replica reader node. In the event of a failure the service will automatically failover to the other node. Again these nodes are served over two availability zones to allow failover in the event of a power cut.
• Outage reporting: The Advanced Managed Hosting service will proactively monitor the environment and provides Advanced with timely warnings of issues arising to allow pro-active intervention. Monitoring is focussed on the health of the services and security.; The solution also captures capacity information over a period of time to allow for effective management.; ; Advanced will:-; ; 1. configure and maintain a Monitoring Service to monitor and alert against detection thresholds;; 2. resolve failures and errors in the Monitoring Service in accordance with the Incident Management Service Levels; 3. ensure that critical and major monitoring alerts are reviewed and, where appropriate, an Incident logged by the Service Desk; 4. assign Incidents arising from monitoring to Advanced Service Desk for diagnosis and resolution; 5. capture server and network infrastructure data to enable the provision of capacity trend analysis; ; Alerts will be remediated within contracted Service Levels and customers notified through standard processes.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: Users are authenticated by username and password.; Where users punchout to our solution from another system, then credentials are carried in the XML PunchOutSetupRequest message and aren't visible to the end user. A successful PunchOutRequest will return a 200 response and the URL to which the client’s browser should be redirected in order to commence the session.; Some users may also login directly by entering their details into the login screen and these would then be validated. We also utilise OAuth2 tokens to authenticate transactions from external sources and within the solution, and 2-factor authentication is currently being rolled out.
• Access restrictions in management interfaces and support channels: Only a sub set of internal users have access to our management interfaces and more powerful interfaces are closely controlled. We use a role-based access control framework to define user access levels.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
• Description of management access authentication: Username/password authentication is used for customer facing configuration management. 2FA is in place for role-based access to the AWS console and we also utilise public/private key pairs for lower level server/database level administration.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI (British Standards Institution)
• ISO/IEC 27001 accreditation date: 30/06/2021
• What the ISO/IEC 27001 doesn’t cover: All activity on G-Cloud is covered by ISO 7001
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Advanced Information information and security policies align to ISO 27001:2013.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Our Change Management process is built on the ITIL framework and is part of our ISO 27001 certified ISMS. We use a group of configuration management tools to control different aspects of our solution and there is a formal change management process for progressing modifications to the live environment.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: All vulnerabilities are managed via our ISMS risk management process. New threats are identified from a variety of channels including specialised news feed monitoring, vendor and partner notifications. We also retain a security consultancy whose remit includes threat horizon monitoring. We also conduct periodic vulnerability scans to explore for potential issues and our hosting partners use similar approach for the background infrastructure. Patch deployment speed is closely linked to the risk benefit assessment including if alternative mitigation is already in place through our “defence in depth” strategy. This means that patching can be scheduled to minimise end-user impact.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Both active monitoring for anomalies and log review are used to identify potential issues. Depending on the type and clarity of potential compromises we may either investigate further or initiate our Major Incident Process to assess the full severity. All these however are escalated for broad internal awareness. The initial response will be within the hour during business hours and we have staff on call outside this for major issues.
• Incident management type: Supplier-defined controls
• Incident management approach: All incidents should be directed to our Support Desk, the majority of issues and low level incidents are handled as part of the service desk process based in the ITIL framework. If required we invoke our documented Major Incident Process. This provides details a framework for handling events including; actions, escalation routes, communication plans and timelines, closure criteria and root cause analysis. Post incident reports are issued through our account management team. Any breaches of security that compromised customer details would be assessed for reporting to the Information Commissioners Office or other relevant authorities.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Joint Academic Network (JANET)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We are committed to building a better tomorrow for our staff, customers and wider community through outstanding environmental sustainability performance. Our vision is underpinned by five core principles: ; ; To protect the environment by reducing our carbon footprint ; To reduce the environmental impact of our operational activities through effective management of our estate ; To create and maintain a positive environmental sustainability culture ; To maximise the positive impact of our sustainability actions through effective communication, collaboration and partnership ; To fulfil all environmental compliance obligations and seek to exceed regulatory requirements ; ; To achieve this vision, we continuously invest in and develop our ESG strategy to provide a structured and meaningful approach to our climate activity. Our success also relies on effective engagement with staff, utilising and developing their skills, knowledge and understanding. ; ; We have launched a number of initiatives to reduce our GHG emissions on an annual basis, since 2018 we have seen a reduction in 36% in our total GHG emissions. ; ; We are proactive in the property management of our offices, maintaining pressure on landlords and staff to ensure energy efficiency. Home working is facilitated and encouraged, and unnecessary travel is minimised by the delivery of consultancy, training and implementation services remotely, where appropriate. Reducing the amount of paper we generate is a key focus, and we use recycled paper - which we then recycle ourselves. We have also taken steps to recycle other materials such as plastics, food and cardboard. We comply with WEEE regulations and recycle our electrical items. All our UK based offices are entirely using green electricity and we have undertaken an office consolidation project to minimise unnecessary carbon expenditure. ; ; We are focused on our transition to a Cloud service company ensuring our customers have solutions which are future proofed and don’t require costly or energy inefficient hardware.

  Covid-19 recovery

  In the event of a similar incident OneAdvanced has a documented Health and Safety policy regarding Covid-19 Arrangements, which focuses on handwashing, hygiene, self-isolation and social distancing. ; ; As part of our transition to hybrid working we provided all employees with the materials and processes to allow them to work at home indefinitely. In the event of a similar incident all staff are able to work from home for as long as is required. This allows them to prioritise their health and safety and avoid risk of transmission. ; ; Working from home is undoubtedly challenging and may have a negative impact on the wellbeing of our employees. We provided guidance for staff working from home to stay connected e.g., quizzes, coffee mornings and time allocated for informal catch ups. ; ; We have also made changes to our approach to visiting customers on-site. Where appropriate, training and consultancy can be provided virtually. ; ; With the increase in remote work and changes in the software landscape we have invested significantly in digital transformation and cyber security to ensure the safety of the business, employees and customers. This includes protection of personal data.

  Tackling economic inequality

  OneAdvanced is committed to tackling economic inequality. We are renowned for our recruitment processes which seek to eradicate biases that can perpetuate economic inequality. We hire for potential rather than based on experience. ; ; Our commitment to tackling economic inequality is also exemplified in our pay reporting transparency. In addition to the legal requirements to produce a Gender Pay Gap Report, we have also released our Diversity Pay Gap Report to ensure accountability and so that we can take steps to address economic inequality within our own employee base. ; ; As we develop as an organisation and embrace our role in bettering society we are building features into our products to assist us in tackling economic inequality. One example of this is our education software that is used by prisons in the UK to help educate individuals that have been in the prison system and broaden their opportunities for education. Another example is the service we provide to many NHS offices across the country which allow them to act more efficiently and see more patients each day. ; ; A focus of OneAdvanced is to commit to increasing our community outreach. As part of our strategy we are planning to implement a regular schedule of community education workshops for local schools, colleges and other groups. Examples include ‘How to get started in Tech’ and coding classes. Each employee is entitled to 1 paid day they can use to volunteer for a cause close to their heart including those that are aimed at helping those from lower socio-economic areas. ; ; Our learning and development team are in place to allow our staff the opportunity to develop their skillset and further their professional career. This can allow disadvantaged individuals to increase their opportunities to secure high paying jobs both within the software industry and outside of it.

  Equal opportunity

  Cultivating a diverse workforce and inclusive culture is a priority for OneAdvanced. Diversity of experience, age, race, ethnicity, culture, gender and sexual orientation provides a wide range of talent from entry level through to our leadership teams creating richer perspectives and a powerful frame of reference. ; ; Not only is it right to recognise and celebrate differences, and ensure everyone has the opportunity to thrive, but creating a culture that is genuinely committed to a meritocratic workplace is important to our success. Ensuring all our employees understand and engage with our values, and have the opportunity to realise their full potential, is fundamental to our business. ; ; We have published 4 Diversity Pay Gap reports that extend beyond the legal requirement for gender to ethnicity, sexuality, education, disability and socio-economic status. This data provides transparency and will aid us significantly on our journey to creating a fair and equitable workplace for all. ; ; OneAdvanced is delighted to have been announced as one of the top 100 Diversity Leaders of 2020 across UK businesses following an independent survey carried out on behalf of the Financial Times. The award assesses diversity across gender, age, ethnicity, disability and sexual orientation, and ranks organisations in Europe on the extent to which they offer diverse and inclusive workplaces. The survey focused on two broad areas, looking at the scale in which employers promoted diversity within the workforce, and identifying companies that stood out when it came to encouraging diversity and equal opportunities. ; ; OneAdvanced is renowned for its innovative recruitment process, which seeks to eradicate bias – unconscious or otherwise – when hiring. In our recruitment, we use tools that give us additional insight into intellect and attitude, and remove CVs from the interview process, so managers go in without preconceptions.

  Wellbeing

  We take wellbeing very seriously at OneAdvanced, employees have access to the following initiatives to promote wellbeing: ; ; Our Employee Assistance Program (EAP) is a 24/7 phone line where our employees can speak to a trained professional regarding any matters. Whether that is related to their current workload, or whether it is related to their finances for example. This service is 100% confidential. ; ; The Wellbeing hub on our internal website is central point for resources, such as the Thrive app to which our employees have an access code. In addition, the Hub is a link to our partnership with Perks at Work who offer discounts and classes for wellbeing, fitness, and meditation. ; ; Our offices have been made more friendly and accessible than ever before as part of our office changes brought on by the new, flexible ways of working. All our offices now contain a ‘wellbeing room’, sharp boxes for needles and free sanitary products in all bathrooms (available to guests as well as our staff). ; ; We are undertaking an exercise to update our employee value proposition and undertook research to identify what factors employees themselves want. This was done so we can provide benefits that our employees will value from the most and benefit their health and wellbeing.

Pricing

• Price: £28,490 to £37,960 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidmanagementteam@oneadvanced.com. Tell them what format you need. It will help if you say what assistive technology you use.