CIMPLE LIMITED

Cimple eProcurement

Cimple eProcurement is our e-sourcing/Procurement solution. The solution enables Buyers to issue simple and complex services procurements and for Suppliers to bid on them. For Suppliers in the eProcurement solution we also have integrated with Contracts Finder/Find a Tender to provide transparency on a broader set of Opportunities.

Features

• Users are enabled to create accounts on Cimple eProcurement
• Owners can set organisation permissions (4 settings available)
• Add/remove and change users/user permissions
• Create a new procurement, notice, call-off, competitive flexible procedure
• Automate populating of the Standard Selection Questionnaire
• Publish, be matched with suppliers and receive responses
• Evaluate, shortlist and award with our in-platform evaluation functionality
• Manage all opportunity activity
• Manage contracts through our Contract Register
• Automated notices published to Find a Tender/Contract Finder

Benefits

• Simple interface users quickly find their need
• Free to access
• Stay compliant with transparency notices pushed to Find a Tender
• Increase commercial savings and reduce operating costs
• Increase your social value with our built-in assessment
• Be intelligently matched with suppliers (including SMEs)
• Securely hosted on AWS

£500 to £10,000 a licence a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at team@cimple.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

488929097940857

Contact

Wyndham Plumptre
07971045637
team@cimple.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements: All services are browser based using latest version of browsers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 48 hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide one fully comprehensive level of support. The support desk is available from 9.00am to 5.00pm Monday to Friday. We have a team of full time staff.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite training, online training and user documentation as required.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Within 30 days of termination customer is provided data in the format of their request.
• End-of-contract process: Data extraction and managed off-boarding through our Customer Success team.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Other than the user interface being built for mobile there is no difference in the experience or the service.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: No
• Customisation available: No

Scaling

• Independence of resources: Cimple has been built to be used by 1000s of organisations in parallel. We have built sufficient capacity into the eProcurement platform, ahead of customer demand. The infrastructure is continuously monitored and additional capacity is implemented as existing capacity nears predetermined thresholds.

Analytics

• Service usage metrics: Yes
• Metrics types: Please speak to your Cimple Customer Success Manager
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Requested through Cimple with 48 hour SLA.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9% during core business hours (9am-5pm), Monday to Friday, excluding English bank holidays.
• Approach to resilience: We operate our systems under no single point of failure.
• Outage reporting: Cimple will notify any customers should an outage occur through our Customer Success Managers.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: Currently implementing other authentication techniques including 2FA and should be in place before the start of the framework.
• Access restrictions in management interfaces and support channels: Support channels can only be used by recognised and registered personnel. Management interfaces and access to them are fully controlled by the customer who can assign roles and responsibilities as required.
• Access restriction testing frequency: Less than once a year
• Management access authentication:
  • Username or password
  • Other
• Description of management access authentication: Currently implementing other authentication techniques including 2FA and should be in place before the start of the framework.

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International
• ISO/IEC 27001 accreditation date: 20/08/2021
• What the ISO/IEC 27001 doesn’t cover: QMS perform our annual audit for recertification, therefore any changes or enhancement to Cimple during the year are then caught and reviewed in the next certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: All security certifications requested in process of being obtained

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Security governance is a defined operating procedure for the business and available on request. All staff members must sign to state they have read and understood the Information Security Policy and this to be repeated annually.All new starters are required to read and confirm all policies and procedures and again at least annually.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All our source code is tracked through life using Notion and stored on Github.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We use a variety of sources to recognise potential threats, we also scan our environments for known threats on a weekly basis. Additionally, any code fix issues can be patched and deployed within 24 hours depending on the severity of the issue.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We have specific processes and procedures in place to actively monitor and react to any potential compromises. If such a comprise is discovered them an immediate impact assessment is performed and necessary actions taken based on this immediate review. We inform any customers affected as soon as is practical except for where criminal investigations must take place, in which case notifications would be done as soon as authorised by relevant authorities.
• Incident management type: Supplier-defined controls
• Incident management approach: Our incident management approach varies dependent on the incident.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Under this theme of fighting climate change we’re helping with the effective stewardship of the environment by delivering our carbon reduction plan and wider mission towards reaching Net Zero.

  Covid-19 recovery

  Under this theme of Covid-19 recovery, we are helping local communities to manage and recover from the impact of COVID-19 through 100% of companies in our Supply Chain being signed up to the Mental Health at Work Commitments. Also, with more than 25% of our new jobs being created regionally (non-London based).

  Tackling economic inequality

  Under this theme of tackling economic inequality, we’re helping to create new business with more than 25% of our new jobs being created regionally (non-London based) and more than 50% of apprenticeships being created regionally (non-London based). Also, we’re helping to increase supply chain resilience and capacity through 100% of companies in our Supply Chain having the Cyber Essentials certification.

  Equal opportunity

  Under this theme of equal opportunity, we are helping to reduce the disability employment gap with more than 10% of new jobs created for those with disabilities and more than 10% of apprenticeships being created for those with disabilities. Also we are helping to tackle workforce inequality with more than 35% of new jobs and more than 35% of new apprenticeships being created for under-represented groups. Also, 100% of companies in our Supply chain have a Modern Slavery Policy.

  Wellbeing

  Under this theme of wellbeing, we are helping to improve health and wellbeing by having 100% of companies in our Supply Chain signed up to the Mental Health at Work Commitments. Also we are helping to improve community integration by having 24 hours per employee per annum of community initiatives delivered.

Pricing

• Price: £500 to £10,000 a licence a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Our solutions is free to access for users to trial at their own wish, all buyers can publish 2 competitions for free before entering a licence agreement.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at team@cimple.uk. Tell them what format you need. It will help if you say what assistive technology you use.