Codestone

Codestone Insight Package for SAP S/4HANA Cloud

In today's fast-paced financial landscape, value creation is essential for the Office of the CFO 4.0. Deploying SAP's S/4HANA Cloud Public Edition solution with supporting tools, building a Financial solution foundation in which to evolve from, to support the operations and requirements of the business.

Features

• Core Finance, including cost management and profitability analysis.
• Procure to Pay, including integration with Ariba Network
• Plan to Product, including inventory and maintenance management.
• Order to Cash, including contract and receivables processing
• Consolidation & Planning
• What-if and predictive analytics
• Integration to third party solutions via SAP BTP Integrations Suite
• Integration to SAP Suite of products
• Extensibility via InApp Extensibility or BTP
• Embedded analytics

Benefits

• 25% to 33% Reduction in time compared to 'traditional' approach.
• Implementing Minimal Viable Product (MVP) with rapid time to value
• Streamlined implementation process, leveraging Codestone and SAP tools
• More efficient internal and external audit
• Control over procurement spend
• Short time to value (in as little as 8 weeks)
• TCO reduction (IT administration and development costs)
• Future proof platform in the most cost effective way possible
• Utilizing pre-built, best practice functionality
• Efficient projects and better project controlling

£100 to £300 a unit

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gary.duke@codestone.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

434207161887891

Contact

Gary Duke
+447831526080
gary.duke@codestone.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: 6 monthly upgrades, Customer are always on the latest versions with the latest innovations
• System requirements:
  • Accessible using HTML5 compliant devices
  • Internet connection for use of SAP Fiori Apps

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 24/7 support is offered
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Codestone supports all the software and services it manages and implements. We offer three service levels with increasing additional value. Our support contracts are product-specific and, at the base level, fully service-ticketed. We provide a customer portal with access via all major channels, such as telephone and email and standard service levels. Every level offers access to our customer value team, account management, response and resolution SLA's and escalation management. Our support offers escalation through the helpdesk to senior consultants and has responsible, fair usage laid out in the terms and conditions. Our base support is standard business hours raising to full 24x7 at the Premier level.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: All documentation and process flows, including training materials in the form of step by step guides are included in the service. Additional onsite enablement can be included and factored into the onboarding plan. A full onboarding plan will include all key activities for both Codestone and Customer so there is absolute clarity of tasks associated with the onboarding programme. https://www.sap.com/uk/services/s4hana-deployment.html
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: SAP offers inbuilt tooling for data export, from simple Excel downloads built into the SAPGUI to more complex data transfer modules provided by the SAP native programming language ABAP.
• End-of-contract process: Codestone has contracted exit processes ensuring all data is securely managed back to customers wishing to exit their agreements. No access will remain to Codestone staff after contract completion. SAP does allow data to be extracted by means of standard tools available to customers.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: S/4HANA cloud APP's are available on Mobile and Tablet device.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: SAP's APIs enable the integration of on-premise, cloud-based and third-party solutions with the S/4HANA Cloud Public Edition.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Scope of the service is determined via an assessment of Business Processes, this formulates a Digital Assessment form which allows Codestone to map the service exactly to the customer.

Scaling

• Independence of resources: SAP HANA is designed and developed from the outset to be a highly scalable application. Server infrastructure inherited from proven SAP NetWeaver architecture and Cache infrastructure minimises load on central components, especially the database. Application web servers are added automatically if the load becomes compromised. SAP have full security and infrastructure information available on this topic.

Analytics

• Service usage metrics: Yes
• Metrics types: Service reporting is standard in Codestone's SystemSure support service.
• Reporting types: Regular reports

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: SAP

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: Cloud solutions from SAP encrypt data at full rest in storage. Storage devices include self-encrypting drives, which encrypt data “on the fly” while stored on disk to FIPS 197 (AES) standard at 256-bit key strength. Data backups are stored encrypted at AES 256-bit strength. An encryption key is stored on the service processor or an external key management server. Data is unencrypted based on the scope of access needed. SAP solutions are configured to use secure communications in accordance with the protection requirement of the transmitted information involved in electronic messaging.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Depending on the nature of the request, users can export from SAP as standard functionality throughout the solution. This allows export in many formats including CSV, XLS, XML, PDF On service termination, Codestone will export the data to an agreed format in line with the agreed exit plan.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • Direct to MS Word/Excel
  • XML
  • To file
  • I-DOC
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • I-DOC
  • Excel
  • XML

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.7% System Availability percentage during each month for production systems.
• Approach to resilience: SAP's operation's policy and guidelines are documented and made available to all users who need them. They provide guidance us in maintaining equipment for continued availability and integrity. The Architecture is documented and contains the technical application architecture, the network topology and the geographical locations of the data centers of the cloud solution. Checks are made to ensure all mandatory data is filled out and added to the asset management tools for physical servers and virtual machines. This ensures configuration, installation, and operation of the systems and services using Least-Privilege Administrative Models. http://www.sapdatacenter.com/
• Outage reporting: SAP data centres maintain multiple connections to several power companies. Even if local power grid were to fail, the data centres supporting your SAP Cloud solution have an uninterruptible power supply for short-term outages and a diesel generator back-up for longer-term outages. Therefore, power interruptions or outages are extremely unlikely to affect customer data or solution access. Any unplanned downtime will be alerted to customer via email.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: When an end user accessing SAP S/4HANA Cloud Public Edition, he/she passes two check points: authentication and authorizations. Authentication checks the user’s existence in the system and let him/her get onto the system or gaining an access to the system after verifying the password. This check is done through Identity Authentication Service (IAS). Authorization does a different job. It checks which Fiori applications (apps) the user can see and/or use based on his/her business user roles.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International
• ISO/IEC 27001 accreditation date: December 2016 (Recertified in March 24)
• What the ISO/IEC 27001 doesn’t cover: Anything that is not explicitly defined within the Statement of Work
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Codestone has a Director responsible for security processes and policy. We would be happy to discuss more on this subject should you wish to know more.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: A formal change management process is in place and is regularly reviewed and approved. This process ensures that change requests are planned, tested, approved, recorded, tracked and maintained and an impact analysis of the change is performed prior to implementation.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Vulnerability Management focuses on identifying, assessing and mitigating common vulnerabilities and configuration issues that might represent a potential risk to the integrity and security of systems or services. The following services are part of the Vulnerability Management System: Vulnerability Scanning, External Penetration Testing and Customer Performed Vulnerability Assessment.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: In SAP Cloud Business Applications, an automated monitoring system and operations personnel ensure the system availability 24x7. Security relevant events are logged and retained for 180days in a SIEM (Security Information and Event Management) system. CCTV footage is archived for at least 90 days (or maximum allowed by local law). Monitoring rooms are staffed 24x7.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: SAP Cloud implements formal event reporting and follows escalation procedures if an information security incident occurs. Documented security incident response plans for the cloud solutions from SAP ensure that the best possible levels of service quality and availability is achieved. Security incidents are monitored and tracked by security specialists in cooperation with defined communication channels relating to customer until resolved.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Equal opportunity
  • Wellbeing

  Equal opportunity

  Codestone is an equal opportunities employer, which is committed to the promotion of equality of opportunity in all aspects of employment, including recruitment, the provision of training and career development opportunities.

  Wellbeing

  The People and Culture team are additionally responsible for every employees wellbeing, physical and mental. The company invest in extensive team events that are designed to balance the work and personal life balance, for example a two day festival each year for employees to share some fun times and enjoy soem down time from work.

Pricing

• Price: £100 to £300 a unit
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: SAP trial is a non-commercial, 14-day time-limited offering. Your SAP trial account will be shut down at the end of the trial period. All subaccounts, deployed applications, and services in this trial account will be terminated. All data storage and configurations associated with the trial account will be deleted.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gary.duke@codestone.com. Tell them what format you need. It will help if you say what assistive technology you use.