Advanced Business Solutions

Advanced Sourcing Management

Advanced Sourcing Management that enables you to quickly and efficiently engage with your supply base through the use of quick quotation tools and frameworks. Receive responses to requests for quotations directly into the solution, evaluate responses on a number of criteria and manage the resulting contracts all within one platform.

Features

• Procurement wizards guide buyers through sourcing processes in simple language
• Comprehensive supplier module leveraging previous effort
• Flexible classifications can be applied in many ways, enhancing reporting
• Teams can be defined and involved with specific relevant activities
• System captures all delegations, endorsements, and approvals throughout sourcing processes
• Out-of-the-box configuration results in minimal setup time
• Ensure compliance with best practise workflows and tasks
• Rich supplier engagement driven through a fully digital collaboration platform
• Frameworks allow for management and engagement of groups of suppliers

Benefits

• Non-procurement experts are engaged and steered to appropriate processes
• Ensure details remain current and contact information accessible to all
• Classifications drive meaningful reporting and help users locate sourcing activities
• Dashboard views highlight every request or activity within their lifecycle
• Effective collaboration can be enabled whilst sensitive information is restricted
• All critical reviews and policy appropriate approvals captured within platform
• Experts can evaluate specific areas driving price-based assessments
• Drives compliance with local and legislative sourcing requirements
• Consistent requirements across different sourcing events saving time and effort
• In-system correspondence centralises collaboration, ensures auditability and increasing uptake

£11,400 to £19,200 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidmanagementteam@oneadvanced.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

373764988090110

Contact

Bid Support
0330 343 8000
bidmanagementteam@oneadvanced.com

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: Contract Management; Supplier Management
• Cloud deployment model: Public cloud
• Service constraints: Requires OneAdvanced Supplier and Contract Management
• System requirements:
  • OS Windows Vista, 7, 10 & 11, Apple OSX
  • Web browser - Chrome, Edge, Explorer (10+), Firefox, Safari
  • Internet connection & access

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Priority 1 - Target within 1 hour; Priority 2 - Target within 4 hour; Priority 3 - Target within 8 hour
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support is provided around a priority and escalation system. When an incident is reported, a priority level is established based upon the information provided - understanding business impact is essential. Target service levels and response times are assigned based on an initial appraisal of the problem but can be revisited at any time by the client. The escalation procedure is designed to progress each call as efficiently as possible. SLAs are in place for escalations beyond support into the development and professional service teams.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Advanced helps users start using the service via a delivery mechanism that features the implementation as a series of configuration workshops supported by a strong cadence of UAT and acceptance sessions. When implementing Spend Management, we work closely with the Client subject matter experts to identify requirements and outcomes, following by rapid configuration and continuous finessing of the configured solution. This includes not just contract management resources but also includes other key, impacted stakeholder groups (e.g. facilities, legal, WH&S, ICT etc.). ; ; Additionally, at the commencement of Spend Management implementation, a value workshop is undertaken to identify the key outcomes to be achieved by the users. These outcomes are aligned to change management and communication outcomes which are actively promoted through the deployment and following go-live. Advanced supports these using a number of change management assets including:; Face to face Training ; eLearning; Quick reference guides, ready reckoners and knowledgebases; Education Videos; Landing Pages; ; Advanced adopts the PROSCI change management methodology, having successfully utilised this methodology on a number of large ICT and change projects.; ; Finally, As an agile software company who specialises in rapid implementation projects, Advanced adopts a risk management framework that allows for rapid identification and management of risk.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Online knowledge base
• End-of-contract data extraction: Advanced ensures that off-boarding from the service is a seamless exercise. This is done through ensuring clients have ready and easy access to data and information, including the ability to export to transition to new services. There are two main methods for supporting transition out, as follows.; ; Approach 1 – Export of Data directly from the platform; This export will be conducted utilising existing methods within the system. The customers administrators will use Advanced’s reporting functionality to manually export the required data. Our Support team will be available to guide customers through this process where required. ; ; Approach 2 – Export Conducted by Advanced; This export will be conducted by Advanced, with exported data hosted on an Azure cloud storage environment to be accessed on demand by the transitioning customer. This storage facility will be available for a period of one (1) week so that the transitioning customer can utilise it in a different system or store it permanently in an area of their choosing. The turnaround time for this is roughly two (2) weeks and is a costed exercise.
• End-of-contract process: Upon completion or termination of an Advanced subscription, Customer informs Advanced that they will be transitioning out of the service, and they would like Advanced to conduct this transition out process. ; ; • Advanced Support begins working with customer’s administrators to determine all data requiring export. ; • Advanced will conduct the required export: ; • All documents stored in the solution will be stored in a cloud-based storage service and customers provided access. ; • Customers will be provided access to their Advanced Database ; ; Customers have access to this storage for a week in which they will copy exported data into a secure area owned by themselves. Longer periods can be negotiated as required. Following this the customers tenant will be retired, data removed, all documentation returned to the customer and the service completed. ; ; The above Transition Out process is designed to fit most transitions out of the service. If there are additional requirements, or questions, customers should contact their Account Manager or Advanced Support.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Services between mobile and desktop are identical, with the browser based application being responsive to screen size and resolution.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The interface is build around modern web standards (Single Page application) that in time will be installable as a progressive web application.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: The platform has not been tested with users of assistive technology.
• API: Yes
• What users can and can't do using the API: The Advanced Spend Management API is created as a component on it's own and contains all the functions that a user can perform on the front end.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • Other
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: Our solution is built upon a highly-scalable public cloud platform (Microsoft Azure) that has a near infinite amount of resource due to the size of its network infrastructure. The platform is multi-tenanted and never limited to a single machine/data-centre, working across all available zones. The system will automatically allocate more resource if required, and downscales when no longer required, without any disruption/affect to those currently using the solution. For example, if the solution had 10,000 active users, processing power, RAM, storage and network bandwidth would scale to match system demand, then automatically lower if 5,000 users were to log-off.

Analytics

• Service usage metrics: Yes
• Metrics types: Quarterly reporting
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Customers are able to export their data via the Advanced Reporting and Analytics suite. Where required, customer connections can also be supported directly into the analytics database as a costed exercise.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • XLSX
  • Word
• Data import formats:
  • CSV
  • Other
• Other data import formats: XLSX

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: We utilises Microsoft Defender for Cloud, which allows us to apply apply specialised protections for our databases (automated defence), server containers (single standardised environment hardening, built in assessment management, and real-time protection), and data/network resource (file integrity monitoring, vulnerability assessments, automated defence against hostile network traffic). ; ; Alongside TLS 1.3, a HTTPS certificate policy in place, with all users, being required to authenticate via Multi-Factor Authentication before any access or data is provided.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: We utilises Microsoft Defender for Cloud, which allows us to apply apply specialised protections for our databases (automated defence), server containers (single standardised environment hardening, built in assessment management, and real-time protection), and data/network resource (file integrity monitoring, vulnerability assessments, automated defence against hostile network traffic). ; ; Alongside TLS 1.3, a HTTPS certificate policy in place, with all users, being required to authenticate via Multi-Factor Authentication before any access or data is provided.

Availability and resilience

• Guaranteed availability: Excluding planned maintenance, OneAdvanced aims for a target uptime of 99.5%.
• Approach to resilience: The solution is built on top of Azure Kubernetes Service and uses containers that have 4 different components. Each of these components can be scaled out as needed (UI, API, Workflow, Provisioning) and each component can be released without any outage using Kubernetes's rolling update feature. Kubernetes inherently compares actual state vs desired state and always attempts to keep them in sync (e.g. if a container crashes it is automatically restored by kubernetes ensuring little to no downtime). ; ; Multiple instances of each container are configured and deployed to mitigate any downtime and rare crashes with one instance of a container. The main Azure services used to deliver the application are Azure Kubernetes Services, Azure SQL, Azure Blob Storage, Azure Service Bus, Azure Keyvault and Azure Application Insights. All these services are highly redundant across at least 3 availability zones accounting for redundancy and disaster recovery at the same time.
• Outage reporting: When an outage or an issue that could potentially impact users is noticed, all applicable customers are informed via email or phone dependant on implact & severity. ; ; Customers are also able to directly call our service desk (both in and out-of-hours) to report any availability issues.

Identity and authentication

• User authentication needed: Yes
• User authentication: Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Sourcing Management has full RBAC built into the products allowing an administrator to configure granular permissions for a specific user. Note, that Authentication can be controlled by the external identity provider and authorisation controlled within the Sourcing Management tool.
• Access restriction testing frequency: At least once a year
• Management access authentication: Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 30/06/2021
• What the ISO/IEC 27001 doesn’t cover: All activity on G-Cloud is covered by ISO 27001
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Access control is in place both internally and across our solutions, following a policy of minimal access whereby employees are only given the required permissions to perform their relative function, this includes, restriction to confidential information. We advise all of our customer base to follow a similar policy, regarding user access and privilege management of the provided solution.; ; We have a dedicated Talent team who produce courses with current regulation and best practice in mind. These are mandatory for all employees to undertake (e.g. GDPR compliance, vulnerability & viruses management, data handling & breaches, etc..) before they are allowed to carry out their function. Additional courses (e.g. clinical training, PID management, legal assessment, etc.) are also in place for those in the applicable sector. Courses are renewed when applicable, or annually at a minimum.; ; Risk management processes are in place, whereby incidents found or reported are assessed based on impact and severity. Depending on the assessment, applicable actions may be taken as laid out in our ISMS, Disaster Recovery and Business Continuity policies. Escalation paths are provided and can be used as needed.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Sourcing Management has rigorous change management and configuration change processes where all changes must be performed in lower integration environments, tested and approved prior to progressing through to high level production environments.; ; Only the Platform Lead and Chief Of Technology can approve changes made from a lower environment into production.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: 1. Security patches must be reviewed monthly in line with the patch release cycle and installed every 6 months if applicable.; 2. All security patches must be reviewed and tested on lower tier environments.; 3. Once testing is completed security patches must be released into production servers.; 4. Only security related patches are mandatory to install. All other patches are reviewed and deployed outside of this process.; 5. If a security related patch is deemed critical, it must be prioritised; 6. All software required to complete an employees’ role must be provided as part of the standard software offering.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: The solution leverages Azure Security Defender (as part of Defender for Cloud) for protective monitoring and alerting. These alerts are reviewed daily to determine if there has been a security breach. These are then followed up as required.; ; These alerts range from anomalies detected by Azure Defender based on access to a number of Azure Services such as Firewalls, storage accounts, Azure SQL, Virtual Machines, etc.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incidents found or reported are assessed based on impact and severity. Depending on the assessment, applicable actions may be taken as laid out in our ISMS, Disaster Recovery, and Business Continuity policies. ; ; Customers will be informed as soon as possible if any of these policies are enacted, with an ongoing channel of communication between setup.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We are committed to building a better tomorrow for our staff, customers and wider community through outstanding environmental sustainability performance. Our vision is underpinned by five core principles:; To protect the environment by reducing our carbon footprint; To reduce the environmental impact of our operational activities through effective management of our estate; To create and maintain a positive environmental sustainability culture; To maximise the positive impact of our sustainability actions through effective communication, collaboration and partnership; To fulfil all environmental compliance obligations and seek to exceed regulatory requirements; To achieve this vision, we continuously invest in and develop our ESG strategy to provide a structured and meaningful approach to our climate activity. Our success also relies on effective engagement with staff, utilising and developing their skills, knowledge and understanding.; We have launched a number of initiatives to reduce our GHG emissions on an annual basis, since 2018 we have seen a reduction in 36% in our total GHG emissions.; We are proactive in the property management of our offices, maintaining pressure on landlords and staff to ensure energy efficiency. Home working is facilitated and encouraged, and unnecessary travel is minimised by the delivery of consultancy, training and implementation services remotely, where appropriate. Reducing the amount of paper we generate is a key focus, and we use recycled paper - which we then recycle ourselves. We have also taken steps to recycle other materials such as plastics, food and cardboard. We comply with WEEE regulations and recycle our electrical items. All our UK based offices are entirely using green electricity and we have undertaken an office consolidation project to minimise unnecessary carbon expenditure.; We are focused on our transition to a Cloud service company ensuring our customers have solutions which are future proofed and don’t require costly or energy inefficient hardware.

  Covid-19 recovery

  In the event of a similar incident OneAdvanced has a documented Health and Safety policy regarding Covid-19 Arrangements, which focuses on handwashing, hygiene, self-isolation and social distancing.; As part of our transition to hybrid working we provided all employees with the materials and processes to allow them to work at home indefinitely. In the event of a similar incident all staff are able to work from home for as long as is required. This allows them to prioritise their health and safety and avoid risk of transmission.; Working from home is undoubtedly challenging and may have a negative impact on the wellbeing of our employees. We provided guidance for staff working from home to stay connected e.g., quizzes, coffee mornings and time allocated for informal catch ups.; We have also made changes to our approach to visiting customers on-site. Where appropriate, training and consultancy can be provided virtually.; With the increase in remote work and changes in the software landscape we have invested significantly in digital transformation and cyber security to ensure the safety of the business, employees and customers. This includes protection of personal data.

  Tackling economic inequality

  OneAdvanced is committed to tackling economic inequality. We are renowned for our recruitment processes which seek to eradicate biases that can perpetuate economic inequality. We hire for potential rather than based on experience. ; Our commitment to tackling economic inequality is also exemplified in our pay reporting transparency. In addition to the legal requirements to produce a Gender Pay Gap Report, we have also released our Diversity Pay Gap Report to ensure accountability and so that we can take steps to address economic inequality within our own employee base. ; As we develop as an organisation and embrace our role in bettering society we are building features into our products to assist us in tackling economic inequality. One example of this is our education software that is used by prisons in the UK to help educate individuals that have been in the prison system and broaden their opportunities for education. Another example is the service we provide to many NHS offices across the country which allow them to act more efficiently and see more patients each day. ; A focus of OneAdvanced is to commit to increasing our community outreach. As part of our strategy we are planning to implement a regular schedule of community education workshops for local schools, colleges and other groups. Examples include ‘How to get started in Tech’ and coding classes. Each employee is entitled to 1 paid day they can use to volunteer for a cause close to their heart including those that are aimed at helping those from lower socio-economic areas. ; Our learning and development team are in place to allow our staff the opportunity to develop their skillset and further their professional career. This can allow disadvantaged individuals to increase their opportunities to secure high paying jobs both within the software industry and outside of it.

  Equal opportunity

  Cultivating a diverse workforce and inclusive culture is a priority for OneAdvanced. Diversity of experience, age, race, ethnicity, culture, gender and sexual orientation provides a wide range of talent from entry level through to our leadership teams creating richer perspectives and a powerful frame of reference. ; Not only is it right to recognise and celebrate differences, and ensure everyone has the opportunity to thrive, but creating a culture that is genuinely committed to a meritocratic workplace is important to our success. Ensuring all our employees understand and engage with our values, and have the opportunity to realise their full potential, is fundamental to our business. ; We have published 4 Diversity Pay Gap reports that extend beyond the legal requirement for gender to ethnicity, sexuality, education, disability and socio-economic status. This data provides transparency and will aid us significantly on our journey to creating a fair and equitable workplace for all. ; OneAdvanced is delighted to have been announced as one of the top 100 Diversity Leaders of 2020 across UK businesses following an independent survey carried out on behalf of the Financial Times. The award assesses diversity across gender, age, ethnicity, disability and sexual orientation, and ranks organisations in Europe on the extent to which they offer diverse and inclusive workplaces. The survey focused on two broad areas, looking at the scale in which employers promoted diversity within the workforce, and identifying companies that stood out when it came to encouraging diversity and equal opportunities. ; OneAdvanced is renowned for its innovative recruitment process, which seeks to eradicate bias – unconscious or otherwise – when hiring. In our recruitment, we use tools that give us additional insight into intellect and attitude, and remove CVs from the interview process, so managers go in without preconceptions.

  Wellbeing

  We take wellbeing very seriously at OneAdvanced, employees have access to the following initiatives to promote wellbeing: ; Our Employee Assistance Program (EAP) is a 24/7 phone line where our employees can speak to a trained professional regarding any matters. Whether that is related to their current workload, or whether it is related to their finances for example. This service is 100% confidential. ; The Wellbeing hub on our internal website is central point for resources, such as the Thrive app to which our employees have an access code. In addition, the Hub is a link to our partnership with Perks at Work who offer discounts and classes for wellbeing, fitness, and meditation. ; Our offices have been made more friendly and accessible than ever before as part of our office changes brought on by the new, flexible ways of working. All our offices now contain a ‘wellbeing room’, sharp boxes for needles and free sanitary products in all bathrooms (available to guests as well as our staff). ; We are undertaking an exercise to update our employee value proposition and undertook research to identify what factors employees themselves want. This was done so we can provide benefits that our employees will value from the most and benefit their health and wellbeing.

Pricing

• Price: £11,400 to £19,200 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Trial sites are available for the Sourcing, Contract and Supplier modules for Advanced Spend Management. Where required, these can be provisioned via a Request to Advanced. Once provisioned, these sites are available on a time limited basis.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidmanagementteam@oneadvanced.com. Tell them what format you need. It will help if you say what assistive technology you use.