NTT DATA Business Solutions –SAP S/4HANA Cloud for Tax, Benefits, & Payment Process, Private Edition
SAP S/4HANA Cloud for Public-Sector encompasses four SAP solutions used to manage key elements of Public Sector; tax and revenue, social services, grants management, and payment management. These elements are underpinned by common capabilities for: Case Management; Document Management; Business Rules Processing; Activity Management (tasks, appointments, interactions and correspondence management)
Features
- Processes to collect taxes and revenues for public sector
- Capabilities to enable social services to process benefit applications
- Determination of eligibility for benefit applications, and benefit calculation
- Payables management and payment handling for benefits
- Grants capability for government organisations that provide financial assistance
- Support end-to-end processes for evaluation and selection of grants
- Support processes of payables/receivables for large numbers of residents
- Debt collections, along with dispute management and enforcement
- Case management capabilities
- Activity management including tasks, interactions, and correspondence
Benefits
- Specific processes to support Public Sector organisations
- Single system approach ensures users only use one application
- Integrated solution reduces data transfer and re-keying
- Common case and activity management improves efficiency in operations
Pricing
£684 to £1,294 a unit
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
4 7 1 9 8 9 3 2 9 1 6 5 3 4 9
Contact
NTT DATA Business Solutions (UK) Limited
Philip Newman
Telephone: 07554555951
Email: philip.newman@nttdata.com
Service scope
- Software add-on or extension
- Yes
- What software services is the service an extension to
- RISE with SAP S/4HANA Cloud Private Edition
- Cloud deployment model
- Private cloud
- Service constraints
-
Major updates available every 2 years along with interim Feature Packs every 6 months. Optional to take the updates and / or Feature Packs – but the customer must be on a supported / maintained release.
Upgrades are scheduled by the customer and in collaboration with SAP. Maintenance windows are scheduled by the customer. - System requirements
-
- Modern HTML5 compatible web browser
- Internet Connection
- Access to the cloud service URL via any corporate firewalls
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Response times based on priority of the incident raised. Initial response times based on priorities outlined below.
P1 – IRT: within 1 hour of case submission
P2 – IRT: within 4 hours of case submission
P3 – IRT: within 1 business day of case submission
P4 – IRT: within 2 business days of case submissio - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web chat accessibility testing
- No testing undertaken with assistive technology users.
- Onsite support
- Yes, at extra cost
- Support levels
-
SAP Software Enterprise Support is included in the subscription fees outlined for this cloud service.
Additional support levels can be provided at additional cost.
SAP Preferred Success is an enhanced support offering provided by SAP over and above Enterprise Support. See separate Lot Listing for details.
NDBS can provide a fully tailored application and technical management support service having been providing support services to the SAP community since 1989, unique in the market. A global SAP certified partner, we offer the benefit of global capabilities with local presence.
Global SAP PCoE Certification which ensures adherence to standards set by SAP. NDBS are ISO9001 and ISO27001 certified providing assurance of quality for our flexible support models that are flexible to demands from the customer.
See separate Lot 3 Listing ‘NTT DATA – SAP Cloud Support Services’ for pricing details.
Governance of the service is provided by an assigned NDBS UK Service Delivery Manager, providing governance across all areas of the service including service management, incident and change management, continual service improvement and customer satisfaction. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
For new customers to SAP, onboarding to the service is generally undertaken as an activity during an implementation project, where the SAP application is personalised to the customer.
Skills transfer is provided through a combination of
- in-project coaching,
- structured self-learning through the SAP Learning Hub,
- on-line help within the application
- SAP Best Practice set-up and test scripts
- Click-thru tutorials available from within the application
- Other application specific learning tools.
Full documentation for the service is available on-line to customers once subscribed.
Additional training can be provided through the implementation process, such as classroom training, at additional cost. - Service documentation
- Yes
- Documentation formats
-
- HTML
- Other
- Other documentation formats
-
- On-line help within the application
- SAP Best Practice set-up and test scripts
- On-line help at help.sap.com
- End-of-contract data extraction
-
During the subscription term, the customer can access its Customer Data at any time. The customer may export and retrieve its customer data in a standard format. Export and retrieval may be subject to technical limitations, in which case SAP and the customer will find a reasonable method to allow the customer access to customer data.
Before the subscription term expires the customer may use SAP self-service export tools (as available) to perform a final export of customer data from the cloud service.
Applications are provided for the collation and provisioning of extracted data. - End-of-contract process
-
It is the customer responsibility to extract the data prior to the contract termination. The tools for the extraction are included in the subscription for the application.
At the end of the agreement, SAP will delete the customer data remaining on servers hosting the cloud service, unless applicable law requires retention.
Where a customer requires additional support from SAP or a partner for the data extraction then additional costs will apply.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
SAP utilises a HTML5 responsive web design for the User Interface. This supports use across a wide range of modern browsers through desktop, laptop and mobile devices.
Generally, the majority of the content available in the web based UI for the applications also operates on the mobile device and the web-Apps are typically mobile enabled. Some of the more detailed graphical drill-down analysis is not supported on mobile devices.
SAP also provide specific mobile apps via the respective iOS or Android App Stores. - Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
-
SAP utilises a Web Based interface for end-user interactions with the software.
The SAP web-UI provides rich content to the user, enabling them to complete their activities effectively and efficiently, and providing an engaging blend of transactional and analytical content.
SAP’s “Insight to Action” approach promotes real-time, data-driven decision making, clear KPIs relevant to the individual, embedded decision support and deep insight across all functional areas. - Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
-
The interface is role based, adaptive, simple and coherent, and is designed to a minimum of WCAG 2.1 AA standards for accessibility.
In addition to providing access to the application, the SAP User Interface provides:
Quick access to cross-application search
Notifications
News Feeds
On-line application help and learning library
Access is role and permission based, enabling all users to utilise the same user interface whilst only seeing information that is contextually relevant to them.
The System Interface is accessible from any modern web browser on laptops, desktops and mobile devices. Device OS specific apps are also available from the appropriate App Stores for iOS and Android.
SAP provide accessible themes as part of their Accessibility Standards adherence and undertake extensive user group collaboration and testing of accessibility features such as high contrast, use of iconography and screen readers.
In addition to the Web based user interface, SAP provides comprehensive API support to enable integrations and interaction with the SAP applications from other systems, such as other applications in the Enterprise Architecture or 3rd Party User Experience tools and automation applications. - API
- Yes
- What users can and can't do using the API
-
SAP offers a comprehensive set of standard APIs to support both inbound and outbound integrations with both SAP and non-SAP applications.
APIs generally support Create, Read, Update, and Delete (where appropriate).
Full API documentation is available on-line for customers at api.sap.com, which also provides a “test harness” capability for trialling the API.
Separate Dev and Test tenants support the testing of configuration, enhancement and integration, including the use of the APIs. - API documentation
- Yes
- API documentation formats
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
The product supports the concept of configuration, and extensions – both of which are sympathetic to the upgrade cycles of the cloud solution, and do not prevent upgradability of the service.
Configuration supports the definition of values for dropdowns, and setting of flags to control how processes will operate within the service. Extensions support the addition of fields, or business logic to add extra capability to the service.
Typically configuration and extensions are carried out by an expert business user or business process owner. Configuration is undertaken in the web based configuration tool and extensions are defined via the relevant applications via the web browser.
Scaling
- Independence of resources
-
SAP applications are designed and developed from the outset to be highly scalable. Data centre and server infrastructure is based on proven SAP reference architectures which provides both scalability and consistency of performance.
For all Public Cloud products SAP continuously monitor and adapt resources to meet load requirements. In Private Cloud environments this is monitored on an individual customer basis and adapted as required.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Service Usage is monitored at the user access level for license compliance purposes. Available service metrics are available to subscribers of the service from the SAP portal (SAP for Me) via Real-time dashboard.
- Reporting types
-
- Real-time dashboards
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- SAP
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Other
- Other data at rest protection approach
- All data at rest is encrypted and uses the primary encryption algorithm FIPS 197 (AES) standard. The AES-256 standard is recognized globally as the current standard for cryptography. SAP typically manage the encryption keys on behalf of customers. There is a roadmap item for customers to 'Bring your own Keys', planned for 2024.
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
-
Data can be exported or extracted in a number of different ways. For day-to-day analysis and understanding of business data, data can be exported from most functions in the service via an Excel / CSV / XML type download capability.
For extended export – APIs can be used to read data from the cloud service. This can be a combination of standard REST / SOAP APIs or OData APIs for larger volumes of data. - Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Other
- Other protection between networks
- Connectivity from the SAP Private cloud is typically a secure tunnel (Site2Site VPN) or connection (MPLS, Cloud Peering, or hyperscaler specific) from the chosen hyperscaler, the majority of user access over this route will use HTTPS and TLS 1.2 / 1.3. Some admin functions will need to have TCP 3200 port open over the secure tunnel for access, but this is never exposed over the internet
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Other
- Other protection within supplier network
- Common services and admin services are connected to the customer private network with peering using an admin VPN connection, HTTPS using TLS 1.2 is used for web connections and additional ports are open across the VPN for services such as monitoring / backup etc. All Internal access is logged and can be audited
Availability and resilience
- Guaranteed availability
-
Standard availability service level for this service is 99.7%
The service credit will be 2% of the Monthly Subscription Fees for the affected subscription-based Cloud Service or the monthly Cloud Credits (as defined in the Order Form) consumed for the affected consumption-based Cloud Service, for each 1% below the System Availability SLA, not to exceed 100% of the fees paid or Cloud Credit consumed by the Customer for the relevant Month for the affected Cloud Service
Downtime is defined as Total Minutes in the Month during which the production version of the Cloud Service is not available, except for Excluded Downtimes.
Excluded Downtime is defined as the Total Minutes in the Month attributable to a Maintenance Window; or any Major Upgrade Window for which the Customer has been notified at least 5 business days in advance; or unavailability caused by factors outside of SAP’s reasonable control, such as unpredictable and unforeseeable events that could not have been avoided even if reasonable care had been exercised. - Approach to resilience
- SAP designs its services and supporting data centre architecture to be highly resilient, providing minimum availability to the end user of 99.7% as standard. Data Centre resilience measures are available on request, under NDA.
- Outage reporting
-
Outage information is published and available to SAP customer in the SAP Trust Centre via the SAP for Me Customer Portal. This provides visibility and details of both current and historic availability, for each SAP application.
Email alerts for planned and unplanned system availability impacting events are also issued to subscribers of the affected applications.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- Public key authentication (including by TLS client certificate)
- Username or password
- Access restrictions in management interfaces and support channels
- Support staff require a User ID and Password for the customer specific instance of the service, which remains under control of the customer at all times. System access by user ID is auditable.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- MSECB
- ISO/IEC 27001 accreditation date
- 21/12/2023
- What the ISO/IEC 27001 doesn’t cover
- Statements of Applicability are available on request
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
-
- ISO 9001 - Quality Management System
- ISO 27001 - Security Management System
- ISO 22301 - Business Continuity Management System
- ISO 10012 - Personal Information Management System
- ISO/IEC27018 – Code of Practice for Personally Identifiable Information
- ISO/IEC27017 – Code of Practice for Cloud Service Information Security
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
SAP are certified according to the following security policies:
ISO 9001: Based upon quality management principles including strong customer focus and with the involvement of top SAP management with the ultimate goal of continual improvement.
ISO/IEC 27001: Provides a holistic, risked-based approach to security and a comprehensive and measurable set of information security management practices.
ISO 22301: Protects business operations from potential disruption, i.e. extreme weather, fire, natural disaster, theft, IT outage, and more.
BS 10012: Includes employee security awareness training, risk assessments, data retention, and disposal.
ISO/IEC 27018: Guidance for cloud service providers to protect personally identifiable information (PII). Supports ISO/IEC 27001 by recommending information security controls for protecting personal data in the public cloud.
ISO/IEC 27017: Codes of practice for information security controls for cloud services. Supports ISO/IEC 27001 by providing guidance on cloud-specific information security controls.
Further information available upon request or can be accessed at www.sap.com/corporate/en/company/security.html
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- All processes/policies are defined following industry standards. The majority of these are internal and are audited in our SOC2 audit, which is undertaken biannually and available to customers on request. The SAP Landscape conforms to (minimum) a 3-system landscape, comprising of Development, test and Production. The production environment is locked down for direct changes, so configuration and code changes must be completed in development and then released and imported to test. After testing the change is moved to production. A full audit log is available of all changes created.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- SAP’s vulnerability management program monitors the cybersecurity emergency response (CERT) advisory services. A CERT advisory is an alert that provides information on discovered vulnerabilities. SAP uses the Common Vulnerability Scoring System (CVSS), for assessing the severity of computer system security vulnerabilities. CVSS assigns severity scores to vulnerabilities, allowing responders to prioritise responses and resources according to threat. Vulnerabilities are communicated to the responsible LoB/business unit on a regular basis, where an implementation plan is created, based on the level defined on the CVSS rating. Scanning is carried out on a weekly basis as well as regular proactive security patching.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Scanning and monitoring is completed on a regular basis, the Vulnerability Advisory Services (VAS) team is responsible for monitoring vulnerabilities and providing the criticality and priority rating in alignment with the LoB/business units. Additionally, VAS is accountable for publishing/updating SAP CERT notifications, or SCNs, for all relevant vulnerabilities containing the latest criticality and priority rating. Each day, VAS ingests the daily NIST vulnerability feeds and monitors software vendors’ Web sites relevant to SAP’s environment to identify new vulnerabilities. SAP will identify vulnerabilities that may not have a Common Vulnerabilities and Exposures (CVE) designation, with responses aligned to the CVSS.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- All processes and policies are defined following industry standards. Most of these are internal and audited in our SOC2 audit which is made twice a year and available to the customer.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
NTT DATA established the Climate Action Committee (now the Green Action Committee) to lead our climate change initiatives. In October 2021, we created the Green Innovation Office with a focus on advancing green innovation. We are an active steering member of the Green Software Foundation, which is committed to continuous emissions reduction within the ICT industry.
NTT DATA aims to achieve net zero for direct and indirect emissions from its own operations for data centres by 2030, the entire company including offices and other facilities by 2035, and its entire supply chain by 2040, with an immediate aim to reduce GHG across the organisation by 50,000 tons by 2025.
One of these initiatives is our “Work Where It Works” scheme, which gives employees more freedom over their work location. This has reduced the proportion of time our staff spend in office locations which, in turn, has reduced the carbon emissions associated with business travel and employee commuting which are our two biggest contributors to our carbon footprint.
A second initiative we offer is a subsidised electric car scheme and preferential deals on electric vehicles to encourage employees to switch from away from diesel and petrol vehicles to an all-electric vehicle.
We operate our “One Day, One Tree” campaign, where we provide a tree planting donation every quarter, with a seedling planted for each recorded day in UK consulting. Over the last 2 years, we have we donated 101,833 trees to 7 different international projects, ultimately absorbing approx. 2,036 tons of CO2 every year.
We analyse our carbon footprint annually and report our results publicly via the SECR (Streamlined Energy ad Carbon Reporting) and ESOS (Energy Savings Opportunity Scheme). We action any recommendations from the consultancies involved in the audits.Covid-19 recovery
Prior to the pandemic, NTT DATA were already ahead of their competitors in terms of flexible working. Post pandemic, this commitment has been recognised by NTT DATA, and remote/flexible working has become our new norm through our “Work Where It Works” initiative, which ultimately allows all employees more freedom over remote and hybrid working.
During the pandemic, strict Health and Safety protocols were implemented and maintained in all NTT DATA office locations, including regular sanitisation, social distancing measures and access to testing and vaccination information. Whilst these have eased post pandemic, there is still a firm focus on making every NTT DATA office a safe and welcoming place to work.
Our people are at the heart of everything we do, and it was vital, both during and post the pandemic, to find ways to keep employees engaged and connected, even if they are working remotely. NTT DATA host regular formal and informal get-togethers across business units, with each team having their own informal weekly team meeting, and monthly check-ins between employees and line managers to ensure wellbeing.
Furthermore, the pandemic had a significant impact on mental health, which NTT DATA have responded to by providing mental health support, such as mental health first aiders and counselling services to help employees cope with stress and anxiety.
NTT DATA continuously monitor the World Health Organisation for updates and new guidance, and subsequently follow a defined process for implementing and communicating any changes throughout the organisation. The leadership team also take the WHO status into consideration whilst reviewing and adapting business operations based on the current situation and forecasts, and in preparing comprehensive contingency plans that outline steps to be taken in case of future/similar disruptions.Tackling economic inequality
NTT DATA have implemented various practices to promote fair treatment and opportunities for all, helping to tackle economic inequality.
NTT DATA ensure all employees receive not only a competitive salary, but comprehensive benefits which support financial stability, including healthcare, pension schemes and paid leave.
We recognise and value talent and offer clear career development pathways which are accessible to all employees, regardless of their level within the company. To help maximise employee’s potential and improve employability, NTT DATA provide a range of training and further education, including enrolment in one of the top business schools and mandatory CPD hours. We also encourage employees to volunteer their time and skills with organisations tackling economic inequality issues. This fosters social responsibility and connects the company to the needs of the community.
Additionally, in line with our DEI policies, NTT DATA are committed to diversity and inclusion in hiring by reaching out to underrepresented groups, using unbiased recruitment tools (and delivering unconscious bias training), and creating an inclusive workplace culture that values different perspectives.
NTT DATA strive to maintain sustainable business practices and ultimately reduce environmental degradation, which disproportionately affects low-income populations.
This extends to ensuring we operate responsible supply chains, working only with ethical suppliers and partners who adhere to fair labour practices, pay fair wages and provide safe working conditionsEqual opportunity
NTT DATA is an equal opportunity employer and is fully committed to a policy of treating all employees and job applicants equally.
We have a zero-tolerance approach to any form of behaviour which leaves an employee feeling discriminated against, bullied or harassed and we will treat any complaints of this nature seriously. Discrimination, bullying or harassment based on protected characteristics is not tolerated at NTT DATA under any circumstances.
Gender equality and diversity are issues of major importance to NTT DATA, and we believe that DEI is indispensable for the development of our company, and it is clearly stated in the NTT DATA Group Code of Conduct.
Staff diversity is promoted at all levels of the organisation by several measure and activities, including a variety of networks within NTT DATA that were created to promote a safe space for minorities to connect with their peers across the organisation, including:
• Women in Business
• Fathers Network
• LGBTQ+
• Family & Co
• Dis-/Ability
The Women in Business initiative, as an example, if part of a wider strategy geared at NTT DATA increasing the percentage of positions held by women within the organisation. Currently, this sits at 31.05%, with a view to increase this to 33.33% by 2028. In addition, NTT DATA strive to have women make up no less than 20% of the Global Leadership team within the same period.
In order to achieve this, NTT DATA offer a number of programs to support young women in the workplace, along with flexible working and enhanced family-friendly policies, along with the unwavering commitment to recognise, nurture and promote talent, regardless of age, gender, race, disability and/or sexual orientation.Wellbeing
In 2024, NTT DATA was one of the only 17 organisations to be recognised as a Global Top Employer, for our outstanding People policies and practices worldwide, by Top Employers Institute.
Achieving this award is a testament to the priority NTT DATA put on the wellbeing of our people.
NTT DATA recognise the importance of work/life balance, and in giving employees flexibility, which is reflected in our “Work Where It Works” policy previously referenced, and our “Free Friday” initiative, which sees every employee in NTT DATA eligible for 12 days leave in addition to the standard annual leave entitlement, in the form of one Friday off every month.
NTT DATA also partner with Help@Hand to offer total health and wellbeing support for employees and eligible family members, via their app, which includes:
· 24/7 Helpline & Remote GP
· Mental Health Support
· Physiotherapy
· Financial & Legal Support
· 360 Wellbeing Scoring & Guidance
· 1-2-1 Lifestyle Coaching
· Special offers to support everyday finances
We also have a dedicated fit-solutions team, who are tasked with coordinating virtual and in-person events for all NTT DATA entities, with annual events such as:
· World Health Day
· NDBS Soccer Cup
· International Yoga Day
· World Mental Health Day
NTT DATA recognises that for some, wellbeing is found through charity work, and therefore we foster an environment that supports employees involved in charitable causes, with paid days off for charity work, options to be involved in global/company outreach programs, and of course, support of our own employees fundraising activities.
Pricing
- Price
- £684 to £1,294 a unit
- Discount for educational organisations
- No
- Free trial available
- No