Supply Chain Assurance
Achilles collect and validate supplier data to mitigate risks globally. This data-driven insight builds more secure, sustainable, better performing supply chains.
By creating a single process where buyers can find qualified suppliers, we make doing business easier for everyone.
Features
- Supplier pre-qualification online questionnaires
- Supplier data validation (in-house team)
- Risk level analysis
- Compliance and performance scoring
- Watch List monitoring and alerts
- Supply Chain Mapping
- Sustainability, Ethics, Carbon & Modern Slavery conformance
- Cloud based SaaS solution
- 3rd party data enrichment
- Risk specific Questionnaires
Benefits
- Source from approved, qualified suppliers
- Strategic decision enabling Insights & Analytics reporting available
- Supplier support (email and telephone)
- Multi tier supply chain visibility
- Receive Alerts on Supplier status changes
- Ensure your supply chain is Sustainable
- On-site Auditing service available
- Choose questions H&S, Environment, Carbon, Cyber, Modern Slavery, Sustainability
- All supplier data is fully validated
- Raise standards throughout your supply chain with continuous improvements
Pricing
£15,000 to £75,000 a licence a year
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
3 8 9 7 7 0 9 1 1 2 1 9 8 9 8
Contact
Achilles Information Limited
Jennifer Smith
Telephone: 07917630010
Email: jennifer.smith@achilles.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- No
- System requirements
-
- Modern browser
- Access to internet
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
During working hours 30 minutes response.
Online help articles available at weekends. - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- No
- Support levels
-
Dedicated Account Manager
Technical level 1 to 3 support
Dedicated Supplier on-boarding manager - Support available to third parties
- No
Onboarding and offboarding
- Getting started
- We provide onsite training, online training, user guides and telephone support.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- Users are given the option to extract a CSV file
- End-of-contract process
- All client data remains the property of the client and can be extracted and deleted from the Achilles system
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- None
- Service interface
- No
- User support accessibility
- None or don’t know
- API
- No
- Customisation available
- Yes
- Description of customisation
-
Questions
Scoring
Assessment
Achilles works in partnership with each client to understand their specific needs and customise the service as required.
Scaling
- Independence of resources
- Achilles uses load balancing to efficiently distribute incoming traffic across a group of back end servers
Analytics
- Service usage metrics
- Yes
- Metrics types
- System overview and audit tracking
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- Other locations
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with SSAE-16 / ISAE 3402
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Via CSV or Excel extract
- Data export formats
-
- CSV
- ODF
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- 99.5% up time excluding planned maintenance
- Approach to resilience
-
No single point of failure in network and server design.
Protection for single component failure provided by Hardware Load Balancing and Server Clustering. - Outage reporting
-
A hosted Service Status Page is available publicly.
Services and Hardware are monitored 24/7 with email alerts to Global support teams.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
- Access is controlled through a Role Based Access model with data restricted to its intended audience.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BSI
- ISO/IEC 27001 accreditation date
- 21/02/2019
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
ISO27001 ensures policies and procedures are adhered to by all Achilles staff.
For example, a Security Incident would be raised to the Security Team and regularly reviewed by the Security Committee and Executive Board.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
Changes are raised with documented risk assessments and clear implementations including rollback scenarios.
These changes are then Peer reviewed by a senior member of staff before being approved by a Technical Manager.
There is a regular CAB meeting to oversee all changes. - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
All systems are patched on a quarterly basis through centrally managed mechanisms.
Zero day vulnerabilities are patched as soon as possible.
Security partners such as Microsoft, Sophos, Qualys and external hosting provider. - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
All servers are protected by Anti-Virus, Service Incident Event Management (SIEM) log collection, and IPS/Firewalls.
Security Partner monitors events 24/7 and escalate incidents via agreed teams. - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
As part of our ISO27001 accreditation we have an ISMS that all Achilles staff can access to report Security Incidents.
Incidents are then reviewed and correctives actions are taken if necessary.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
The reduction of Greenhouse Gas emissions is the core DNA of our Carbon Reduce Programme Offering. We are the UK's only accredited GHG Certification Scheme, Globally the programme has help organsiations and enterprises measure, manage and reduce their GHG emissions. With over 4500 ISO14064-1 Certificates issues, over 200million tonnes of GHG under-verification with average carbon reductions of 30% in 3 to 4 years and 50% in 5 to 6 years we lead the transition to a low carbon future and a net zero world - Covid-19 recovery
-
Covid-19 recovery
We are focused on delivering a green solutions recovery in a post Covid-19 economy to enable Net Zero Transition - Tackling economic inequality
-
Tackling economic inequality
Our programme operates as a membership thus insuring business of any size are able to access - Equal opportunity
-
Equal opportunity
Achilles welcomes people of all backgrounds. We foster a diverse and inclusive culture that empowers staff to grow and maximise their skills in an environment free from all forms of inequality. - Wellbeing
-
Wellbeing
The wellbeing of our employees is central to the success of Achilles, therefore we strive to ensure that we provide different types of wellbeing support to our employees.
Examples of our activities include subsidised gym membership, access to private medical insurance, the provision of counselling services via our Employee Assistance Programme and mental health training for line managers as well as staff. In recent times we have organised global wellbeing days, enabling our global workforce to take two days off in addition to their holiday allowance to focus on their wellbeing, and each office runs wellbeing initiatives such as social events promoting healthy living and charity days.
Pricing
- Price
- £15,000 to £75,000 a licence a year
- Discount for educational organisations
- No
- Free trial available
- No