ARRIBATEC UK LTD

JEDOX Financial Planning and Analysis Solutions

Arribatec, working with our partner Jedox, brings you a leader in the Gartner® Magic Quadrant™ for Financial Planning Software.
The world’s most adaptable planning and performance management platform delivering organisation plans, budgets, forecasts, and performance analysis the way you envisioned... plan for the future and achieve your goals.

Features

• Drive insights, forecast revenue, and communicate effectively with AI
• Speed adoption through Excel-like interface and Add-in for Excel 365
• Build any model or scenario integrating data from any source

Benefits

• Increased investor confidence
• Increased forecast accuracy
• Increase decisive actions

£805 a user a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info.uk@arribatec.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

521370994132000

Contact

Allan Burrows
0333 444 1005
info.uk@arribatec.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: None - to be confirmed
• System requirements: Jedox only requires a modern browser and stable internet connection.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our average response time from support is around 125 minutes and critical issues are usually addressed within an hour.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Jedox meets all accessibility standards. This is evidenced by our VPAT 2.3 compliance which, amongst other guidelines, covers WCAG AA. The VPAT framework is designed specifically for public sector procurement.
• Onsite support: Yes, at extra cost
• Support levels: All incidents reported to Jedox get a priority assigned. The priority will determine the appropriate SLA for the specific ticket and consists of a target time for first response, restoration and resolution.; The priority reflects both the critical impact of the issue and scope of affected functionality. A lower priority ; level does not mean that we devote less time or energy to resolving your issue quickly and efficiently. The levels are:; ; -Critical (ex. platform is down); -High (ex. critical functions are unavailable); -Medium (ex. failure on intermittent basis); -Low (ex.incident affects non-core functions)
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Jedox offers three different training options - classroom training, online training, and self-studies where customer will be provided with product user guides, have access to the Jedox Knowledge Base and the Jedox training materials provided through Jedox Academy courses.; Instructor-led courses can either be on-premises or in a remote virtual classroom if being delivered by Jedox.; Self-study (self-paced) courses are available through Jedox's online eLearning system (Jedox Academy). The courses offer insights into models or specialized knowledge and range from one to several days of duration and come with their own training materials.; Finally, the Jedox Knowledge Base provides extensive information all around the Jedox solution for users to upskill via some general reading/topic searching: https://knowledgebase.jedox.com/
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Jedox can provide data extraction into myriad data formats as needed. Time stamps are supported, and if needed these capabilities can be limited via security.
• End-of-contract process: There is no additional cost at the end of the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Jedox Mobile App interface is adjusted to be compatible with iPhones and iPads with iOS 15 or higher and on Android devices with Android 13 or higher.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Jedox is frequently chosen for its simple and intuitive user interface and ease-of-use platform. This is true from both an end-user admin-user perspective. The web and excel reports use an intuitive interface that is very similar to Excel. This means users can immediately leverage their existing Excel skills and knowledge when modifying or creating reports and dashboards.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We have undergone VPAT compliance. testing.
• API: Yes
• What users can and can't do using the API: Jedox has 2 Rest APIs that can be used by customers. One is the OLAP API where more information can be found here: https://knowledgebase.jedox.com/jedox/in-memory-db/api-http-jedox-olap.htm; ; The other Rest API is the OData Hub, which is however sold as an additional package. This is a very simple-to-use API that applies to the OData Standard. More information can be found here: https://knowledgebase.jedox.com/integration/odata-hub/odata-overview.htm
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Jedox is a highly adaptable tool. It is possible to either build all models from scratch or use some of Jedox pre-build starter packs. Most of Jedox models are no-code with few elements of low-code. This allows for easy customisation and adaptability going forward. Jedox offers customizable templates for data collection, workflows, reports, and dashboards.

Scaling

• Independence of resources: Jedox is designed with enterprise-wide deployment in mind and designed with a highly-scalable architecture. Jedox includes organizations with user bases > 1000. Performance can be maintained with enhanced cloud capabilities (CPU/RAM/Storage) hosted on Azure with scalable infrastructure.; ; Users across the enterprise can create integrated models, plans, and reports at all hours based on a 99.5% availability SLA. Jedox ensures the delivery of a performant solution including the provision of an in-built performance monitor. From a technology perspective, Jedox’s in-memory database, among other components, allows for optimized performance.

Analytics

• Service usage metrics: Yes
• Metrics types: For System Status information of your Jedox Cloud instance, you can check the Cloud Console. For example, you can check whether a process is halted, download the latest backups, start/stop processes, set the daily maintenance time and see the usage metrics of your environment.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Jedox

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported from your own cubes to external databases or files via Jedox Integrator, A write-back to SAP is enabled for ERP via batch input sessions (e.g. CSV, XML, JSON etc.). The format can be configured according to your requirements.; A generic JDBC connector exists for writing directly back to SAP on Hana.; Specific connectors for Microsoft SQL, Oracle, IBM DB2, MaxDB, MySQL, PostgreSQL etc. are available.; Access to SAP non Hana systems is possible via optional SAP Connectivity.; For systems that can consume data in the OData Protocol standard, Jedox provides its data in the Jedox ODatahub.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats: JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XLS
  • CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network: Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: The service level guaranteed by Jedox for availability is 99.5% for a given month. Where service levels are not met, service credits are provided to customers according to the amount of downtime. The availability calculation consists of all services and whole infrastructure, based on 24-hour-per-day times, amount of days per month, minus unscheduled downtime. Availability tends to be well above this SLA. Current availability averages at around 99.9x% in an ongoing 12 month average. Customers can monitor monthly performance here: https://knowledgebase.jedox.com/jedox/cloud/cloud-status.htm
• Approach to resilience: Our partner Microsoft Azure's Backup provides the ability to back up and restore virtual machines. When the process to discover virtual machines in a region is initiated, a one-time registration is performed to install the backup extension, then a backup and retention policy is defined for each VM. From that point forward, replication and incremental backup is automatically performed. Once backed up, a VM can be restored from the latest recovery point or older, restore to an existing or new cloud service, and specify the virtual network and subnet for the restored VM.; Dynamics 365 services backs up databases regularly and validates restoration of data periodically for disaster recovery purposes.
• Outage reporting: Jedox offers Monitoring tools in the performance tab of the web Interface. Logs are collected at Application, System, and Infrastructure layers. These logs are the base for our event management tool that monitors the end-to-end service and triggers alarms at levels when certain conditions or thresholds are met. When an alarm is triggered, the Incident Management process is kicked off at our Security Operation Center.; ; Jedox also offers customer-defined triggers and alerts. Automatic checks are made during data input/import process directly in Integrator; additional checks can be made through the Supervision Server (our very own intuitive Jedox component). ; ; Finally Jedox itself internally also has monitoring of critical applications and systems with alerting in place across all of Jedox Cloud environments. Our monitoring system ensures that all Jedox services are up & running properly. Whenever an anomaly occurs, our support engineers are notified in order to investigate it. Once we understand/restore the behavior/issue, we proactively contact our customer, explain the situation and provide them with further steps if needed.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Access rights are defined by user role in Jedox:; ; The admin user defines general user roles, adds groups to these roles, and adds users to these groups. Roles, groups, and users are then granted (or denied) access to both functionality and content (specific databases or reports). A user can be assigned to several groups, in which case they gain access rights to each group they belong to.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: KPMG
• ISO/IEC 27001 accreditation date: April 14, 2022
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 9/5/2023
• CSA STAR certification level: Level 2: CSA STAR Attestation
• What the CSA STAR doesn’t cover: N/A
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: SOC 2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: 1. Jedox has deployed an ISMS to manage information security professionally based on ISO/IEC 27001:2013 measures and is sponsored by the Executive board. The Jedox ISMS has been certified and continues to be audited by an independent, external auditor on an annual basis.; 2. Jedox employs full-time dedicated information security employee(s) who are responsible for information security.; 3. Jedox has a comprehensive set of information security policies and processes which are disseminated to all employees after approval from senior management.; 4. All employees must sign a commitment statement confirming they have read and understood Information Security polices and will adhere to the measures.; 5. Information Security awareness sessions are provided annually to all employees.; 6. Jedox ensures that Suppliers and Partners have appropriate Information Security measures in place and reserves the “right to audit” their Information Security measures at least annually.; 7. Jedox has a change management process which takes into consideration security implications in respect of introducing changes to existing systems or when implementing new systems.; 8. The Jedox Risk Management process includes Supplier risk Management and IT systems risk management.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Jedox provides easy migration of specific components between environments. ; ; Change requests for the implemented applications are processes we define together with our customers, based on industry best practices.; ; During implementation, customers will have a Statement of Work from Jedox which will dictate the Project Plan (including transition out/go-live services) alongside the implementation support model, including UAT and change management processes. Comprehensive system and user documentation will also be provided as part of the implementation.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: As a SaaS provider, Jedox takes information and data security extremely seriously, and as such Jedox maintains ISO 27001, ISO 9001, SOC 3, SOC 2 Type II and Star Level 2 certification. ; ; When it comes to vulnerabilities and security patches, we have an approach that see's any and all patches developed 'As Soon As Possible', in the literal use of the term - meaning attention on patch development is given a priority as soon as a vulnerability is discovered.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Jedox Cloud Console is an administration and monitoring hub for the cloud based Jedox EPM software. It enables customers to operate the Jedox Cloud solution independently - managing security settings, scheduling backups and monitoring uptime, services and connections. The customer always has full access to Jedox Cloud Console.; ; Jedox also offers Monitoring tools in the performance tab of the web Interface. Logs are collected at Application, System, and Infrastructure layers. These logs are the base for our event management tool that monitors the end-to-end service and triggers alarms at levels when certain conditions or thresholds are met.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Jedox has an incident response plan, which includes a crisis communication matrix. This prioritizes the internal departments and external stakeholders like customers or partners and describes the communication channels which should be used.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Arribatec has an environmental policy geared towards minimising our environmental impact. We have an Environmental Management System and are working towards a goal of being carbon neutral by 2030. Progress towards this, and other ESG goals, is reported each year as part of our Annual Report. We have ensured that all our data centres have green electricity; certificates and that the suppliers are chosen based on their environmental performance. ; Our environmental policy also includes such activities as recycling material wherever possible, and an increasing effort to minimise travel. We have a goal of re-using or recycling all electronic waste by 2026 and our progress towards this is measured in our environmental management system.; We have significantly reduced our business travel over recent years, taking advantage of remote working technologies to allow us to do this. Our UK head office is notable for its many eco-friendly credentials including solar and photovoltaic panels on the roof, and ground source heat pumps to supply natural heating. We support the cycle to work scheme which is utilised by head office staff in travel to and from our head office.; ; Furthermore, he nature of our work in automating and increasing the efficiency of transaction processing, and moving processes to the cloud where possible, has a naturally beneficial environmental impact.; ; We publish an annual ESG report, which is available on request or via our website, which also contains details of our ESG commitment and our on-going ESG activities including climate change.

  Covid-19 recovery

  As a business, we weathered the Covid 19 epidemic well, and are proud that we were able to continue business without any furloughing or loss of staff. The rapid deployment of new ways of working allowed us to continue to service our customers’ needs. We instigated a number of measures around social distancing and remote working which allowed us to operate effectively during the pandemic and which will continue to allow us to operate effectively through Covid-19 recovery. We anticipate that the effectiveness of these measures will leave us well placed to create further employment opportunities in the high growth technology sector in which we operate. We also work with various service providers to offer physical and mental health support services to those who need it and regularly incorporate discussion of well-being issues in company meetings.

  Tackling economic inequality

  We are proud to have supported, and we continue to support, sub-contractors in the growth of their businesses through both financial assistance and collaborative working. This includes assistance to small business start-ups, and close collaboration with partners, to develop lower cost/higher quality solutions and boost mutual growth. Scalable and future-proofed technologies and solutions are integral to what we do.; As an operator in a high growth technology sector we have, over many years, provided, and will continue to provide, significant investment in support and training in technology to both our customers and our own staff including towards a number of recognised accreditations. Identification of skills gaps, and plans to address these, are frequent features of our work.; We hold Cyber Security accreditations which include plans for the identification and management of cyber security risks. Cyber security briefings are a regular part of information sharing sessions in the company. Parts of our business have and maintain special expertise in cyber security, and their services are offered to our customers to help them build resilience.

  Equal opportunity

  Arribatec has an Equal Opportunities Policy which states our firm belief in equality, diversity and respect for all, including those with a disability. It is our policy that all employment decisions are based on merit and the legitimate business needs of the organisation. Arribatec recognises the value of an inclusive environment in which people from differing backgrounds and experiences are encouraged to offer fresh ideas and perspectives. We monitor our workforce diversity (with 29 different nationalities currently represented in the group), and our age and gender balance, including salary ratios. We undertake succession planning, monitor and respond to employee satisfaction across a range of measures, and undertake personal development planning for all staff. Our intention is to enable all our staff to work in an environment which allows them to fulfil their potential without fear of discrimination, harassment or victimisation; We publish an annual ESG report, which is available on request, or via our website, which also contains details of our ESG commitment and our on-going ESG activities including Equal Opportunities.

  Wellbeing

  Arribatec aims to be a supportive and flexible employer and has supported staff through difficult periods in terms of both mental and physical health. We include regular presentations on the subject of mental and physical well-being in our company meetings and offer training and support in these areas. We have a range of services available to staff through our healthcare and pension providers. We run periodic team building exercises with the aim of supporting staff to support each other. ; We also engage in various community-based activities to support the communities in which we work. This includes volunteering and fundraising activities, some of which are undertaken jointly with our customers, and we have a regular programme of social events.; We publish an annual ESG report, which is available on request or via our website, which also contains details of our ESG commitment and our on-going ESG activities including on employee wellbeing.

Pricing

• Price: £805 a user a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info.uk@arribatec.com. Tell them what format you need. It will help if you say what assistive technology you use.