Medius Software Ltd

Medius Procurement & AP Automation

Medius Procurement and AP Automation functionality (catalogues, requisitions, purchase orders, invoices) brings automation to the purchasing process, increasing on-contract spend, reducing manual processes and delivering rapid return on investment. It allows users to buy the right products from the right supplier at the right price in a secure, online environment.

Features

  • Highly intuitive user interface
  • Seamless integration with ERP and other back-office systems
  • Comprehensive search and catalogue functionality including approved punch-outs
  • Highly configurable workflows and business model set up
  • Strong approval controls and triggers including remote approvals management
  • Free supplier portal with self-service supplier onboarding and maintenance
  • Customisable dashboards that allow users to view spend data
  • Continual product development and regular updates
  • Unlimited customisable report creation, scheduling and publishing
  • Securely hosted, managed and maintained on a client's behalf

Benefits

  • Quick user adoption with minimal training delivers rapid ROI
  • Removes manual processes and gains significant resource/time savings
  • Cost savings gained with approved, on-contract spend
  • Supports supplier onboarding initiatives and improves communication
  • Enhances the content of supplier and catalogue information stored
  • Cuts administration overheads with fewer invoice queries
  • Gains complete spend control and visibility
  • Auditable environment provides complete process transparency
  • Delivery guidance from an experienced support services team
  • Scalable solution with no IT hardware overheads.

Pricing

£34,770 a licence

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Aaron.Asvadi@medius.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

622375386573819

Contact

Medius Software Ltd Aaron Asvadi
Telephone: 0161 367 8375
Email: Aaron.Asvadi@medius.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Medius Procurement and AP Automation are part of Medius' integrated Spend Management platform.

The intuitive software is deployed via the cloud in modules or as an entire source-to-pay suite. The platform is developed in-house on a single code base, which ensures Medius delivers a consistency of user experience.
Cloud deployment model
Public cloud
Service constraints
There are no constraints that buyers should be aware of.
System requirements
  • Adequate internet connection
  • Stable/sufficient bandwidth
  • Direct, reliable connection to the internet (no proxies etc.)
  • Access to recommended internet browsers
  • Avoid running the application on Citrix or a desktop virtualisation platform

User support

Email or online ticketing support
Email or online ticketing
Support response times
Medius endeavours to respond to and resolve any issues/questions within the target response times as defined within the standard agreement (terms and conditions) and order forms. The response time to an issue varies depending on the severity and assigned priority level of the issue.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Onsite support
Support levels
Medius uses state-of-the-art management processes to log, track and resolve issues, delivering the highest possible levels of accountability, traceability, and visibility. Clients have access to an online support helpdesk tool, which provides the tools to view current service levels; submit new requests; receive updates on existing requests; and review the entire support history. The helpdesk has full issue resolution, audit and escalation workflow functionality to allow issues to be reported and managed. This facility is available 24 hours a day, assisting Medius to resolve issues in a timely manner, no matter when or where they occur. A manned Technical Helpdesk & Support service is available during normal business hours Monday to Friday (excluding public holidays). Support charges are included within the annual subscription fee unless an incident is caused by the client or is classified as a service request or change request. Clients also have a dedicated Account Manager, whom they meet regularly to review the ongoing service delivery; any issues raised are noted, resolved or escalated at the weekly management meeting. The Account Manager takes an active role in supervising the delivery programmes and is the key point of escalation for any issues during and after implementation.
Support available to third parties
No

Onboarding and offboarding

Getting started
During implementation, Medius will operate training packages to transfer skills to the key gateway users; allowing users to manage the user interface, workflows, forms, and screens. Training course duration, location, and attendee numbers vary per user requirements and will be confirmed during the initiation phase of the implementation process.

As standard, Medius operates a ‘train the trainer’ program that enables super users to be trained on the software application in order that they can disseminate this knowledge, along with accompanying supplied collateral, throughout the organisation. These are typically conducted remotely and divided into 3–4-hour sessions at a time. The estimated time also allows for follow-up training sessions on select topics.

Following final delivery, a period of hypercare is provided before day-to-day support is enabled via Medius Customer Support. Medius also provides online training documentation for administration and use of the application. Guides take the form of a graphical walk-through of the screens involved in the business process from a user, administrator and operator perspective, with a step-by-step narrative, to give the most intuitive training and reference resource possible. These are available at all times via the Medius Success Portal: https://success.medius.com/
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
Webpages
End-of-contract data extraction
Upon the expiration or termination of Master Cloud Subscription Agreement, the customer shall retrieve its Data in a commercially reasonable timeframe. If the customer requests Medius’ assistance, Medius shall charge the customer its standard time and materials rates for such work. Medius agrees to store Customer Data one (1) month after an Agreement’s expiration or termination or until any requested transfer of data has been performed, after which the data will be deleted no later than ninety (90) days thereafter unless another retention period is agreed. Notwithstanding the foregoing, Customer Data in back-ups may be retained in accordance with Medius’s standard back-up routines for up to two years following termination of this Agreement, provided such back-ups are maintained in a secure manner.
End-of-contract process
If a client decides not to renew the contract, Medius will initiate an Exit Plan. This ensures an orderly migration of data and services to the client or, at the client’s request, a replacement supplier.

If required, Medius can provide an export of data from the application in an agreed format at the client's cost. On satisfactory completion of the Exit Plan, Medius shall confirm that all data and materials belonging to the client have been delivered and deleted from all systems.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Medius' responsive web design and support for HTML 5.0 standards allow it to be used in the same consistent manner on any HTML-compliant browser irrespective of the device: PCs, laptops, tablets and mobile devices. No app needs to be downloaded or managed.

The mobile-friendly interface allows users to access, authorize, and comment on documents. The following types of documents are currently supported as standard:
- expense (non-PO) invoices
- order-based invoices
- recurring invoices
- purchase requisitions
Service interface
Yes
User support accessibility
None or don’t know
Description of service interface
A user-friendly interface is common across the application with a standard 'look and feel' that can be navigated using a series of quick links or drilldown menus. A .NET GUI generator ensures that the user interface is dynamic, with every button and graphic generated on the fly to offer a personalised experience to each user. Where possible, information is pre-populated, defined by the individual user login, to minimise the burden of data entry and reduce any opportunities for error. Additionally, the interface is continually enhanced: Medius employs specialist UX consultants and a dedicated design team to drive independent best practices.
Accessibility standards
None or don’t know
Description of accessibility
Medius is designed to be highly flexible with easy-to-use functions that are accessible for all users from a variety of backgrounds. The intuitive user interface renders complex processes simple, thereby allowing thousands of users to engage with the system. The system is already in use within the public sector and can be configured to comply with specific requirements.

Medius aims to conform to the W3C and Level AA standard. Where the highest standards of accessibility cannot be met for any reason, Medius will provide the information in an accessible format on request.
Accessibility testing
If required, Medius would be willing to assess the ability to integrate its application with assistive technologies.
API
Yes
What users can and can't do using the API
Seamless integration with other systems can be delivered via pre-packaged ERP connectors for ERPs (such as SAP, Microsoft Dynamics, Infor M3, Iptor), File Exchange APIs, and/or a REST Web API. These facilitate connectivity and the smooth synchronization of data, including GL accounts, payment terms, POs and tax codes. For example, the REST API is authorised with OAuth2, which makes it flexible and easy to use from any platform. This supports the exchange of data between the two systems in XML and JSON formats.

For further information on the Medius connectors and APIs, please see:
https://success.medius.com/documentation/cts-documentation/
https://success.medius.com/documentation/integration-documentation/
API documentation
Yes
API documentation formats
Other
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Medius understands that each organisation has its own unique requirements and as such, has designed its modules to be flexible and adaptable to all current/future business objectives and cases. Most of the objects and options in the application can be created, removed or changed and generally configured in the administration pages of the application. Users simply click ‘Administration’ in the application’s navigation bar to search through the pages and find the appropriate setting/control.

Please note that the list of available administration pages that are displayed, as well as the configuration options, depends on the user’s access rights and permissions.

A high level of personalisation for key areas is also available including dashboards, forms, favourites, new supplier and users etc. with users able to customise their display settings. Customisable dashboards deliver real-time windows on all key system and user activities, whilst powerful reporting facilities provide tailored management information to drive better business decisions. Users are able to delve into the system data at a granular level and create, save and share any number of personalised reports that can be exported.

Scaling

Independence of resources
Client systems are segregated by single application and database instances. These are managed, backed up and configured as if they were isolated on a stand-alone environment.

Medius is also built for Microsoft Azure to take advantage of the security, scalability and business continuity it offers. The Medius Cloud Operations team monitors the SaaS solution continually and proactively manages capacity and scalability to ensure availability and performance. Where additional capacity is required, the necessary work is scheduled for completion and Azure is scaled to the new requirements by the Cloud Operations team.

Analytics

Service usage metrics
Yes
Metrics types
Medius supports service metrics through in-built analytics and reporting. Dashboards can be used to monitor system usage including active users, value of spend associated with each account, and spend by supplier etc.

Nominated client users also have access to a class-leading Customer Support Portal and Helpdesk, which is used to:
- Submit new Support Events
- Update open Tickets
- Check the status of any Ticket and export a list of tickets if needed
Utilizing this resource, clients can communicate with Medius, and see every ticket recorded, what steps have been taken, and how Medius are performing against established SLAs.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Through in-built search and reporting capabilities, data can be extracted from the database into a dataset where it can be saved and exported in a standard format (e.g. CSV, XML and/or PDF file) for delivery to the user.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • PDF
  • XML derivatives
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • XML derivatives
  • EDI

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
In accordance with the Master Cloud Subscription and Services Agreement, Medius shall provide the Cloud Service of the production environment with an availability of 99% or higher as measured per calendar month.

Service credits are available if Medius fails to meet 99% availability. The Service Credit shall be equal to two (2) percent of the total Cloud Service subscription fee for the affected quarter for each percentage below 99%. The maximum amount of a Service Credit per calendar quarter shall be twenty (20) percent of such fee.
Approach to resilience
Available on request.
Outage reporting
Scheduled maintenance for the purposes of releasing updates of new functionality shall be communicated by Medius at least 7 days in advance via the online helpdesk. Scheduled maintenance for the purposes of securing business continuity (for example virus protection, security updates or third party release service packs) may however be communicated by Medius with less than 7 days’ notice, if it is reasonably expected to be in the interest of Cloud Service users in general.

Medius may in its sole discretion take the Cloud Service down for unscheduled maintenance in which case it will strive to notify its clients in advance. Such unscheduled maintenance will be counted as Downtime. However, the exact length of time will be subject to the specific circumstance and the issue that needs to be resolved.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Medius deploys access control mechanisms to protect critical and sensitive information including authorisation, segregation of privileges and passwords. The IT Support and Cloud Operations departments are responsible for ensuring that both logical and physical access to sensitive information and systems are controlled, and procedures are in place to ensure their protection.

Access control rules and rights to applications, expressed in standard user profiles, for each user and/or group of users are clearly stated, together with the business requirements in a Default Access Matrix. All access granted, modified and terminated is recorded.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
NQA
ISO/IEC 27001 accreditation date
16/09/2020
What the ISO/IEC 27001 doesn’t cover
Certification only covers UK operations. Medius Software's Information Security System is certified for the design, development and provision of spend management software and services.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • SOC1 Type 2 (ISAE 3402, SSAE 21)
  • SOC 2 Type 2 (ISAE 3000)

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
SOC1 Type 2 (ISAE 3402, SSAE 21) and SOC 2 Type 2 (ISAE 3000)
Information security policies and processes
Medius operates an Information Security Management System that is based on ISO 27001 standards and applies to all employees and sub-contractors in all Medius Group companies and countries working with Medius. The scope includes all information assets that belong to Medius or are managed by Medius (e.g. customer information in the Medius Cloud solution). In the UK, this is certified to the ISO27001:2013 standard.

This includes a set of Information Security-related policies that have been approved by the CEO and the executive management team and that everyone in the company is obligated to follow. These policies describe Medius' ambition, goal, organization and responsibility in the information security area as well as important rules and guidelines for how Medius employees and partners are allowed to access and use information assets, customer data, systems, devices etc.

Medius also performs regular SOC 1 Type 2 (ISAE 3402, SSAE 21) and SOC 2 Type 2 (ISAE 3000) audits, receiving reports that its existing customers can use for auditing purposes. The reports are issued by Ernst & Young and copies can be provided upon formal request.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
In accordance with a Change Control Procedure, all significant, non-routine changes to the organization, business processes, information processing facilities and systems are controlled by the online helpdesk and escalated to the appropriate personnel.

A risk assessment may be undertaken at the discretion to identify potential risks, impacts and controls in line with the risk management framework. Where required by risk assessment, fallback procedures or a roll-back strategy may be prepared.

All changes are tested thoroughly and applied to a User Acceptance Testing environment for sign off and approval. The changes are then rolled out to the live platform.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Medius has robust mechanisms in place for vulnerability and patch management. All application, system and network device vulnerabilities are assessed, and all security patches are applied in a timely manner following a risk-based approach to prioritise the critical patches. For example, Medius follows Microsoft Azure routines regarding patches and anti-malware; please see the following for detailed information: https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware

Security patch management is an integral part of operations in order to help protect systems from known vulnerabilities. The Azure platform utilizes integrated deployment systems to manage the distribution and installation of security patches for Microsoft software.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
System technical vulnerabilities that may impact availability and performance are scanned daily using hardware firewalls and anti-malware. These monitor all network and IT equipment (including servers), providing security scanning, performance, and capacity management. SSL/TLS assessments are also completed weekly.

Azure security is also monitored with the aid of centralised monitoring, correlation, and analysis systems that manage the large amount of information generated by devices within the environment, providing pertinent and timely monitoring and alerts.

Alerts are triggered by set criteria and are responded to with the appropriate actions taken to rectify any problems.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Security incidents are notified, reported and remedied following Medius' Incident Response and Management Procedures. The helpdesk records all security incidents immediately upon receipt, allocating to each a unique reference and uses these records to ensure that all such reports are analysed and closed out.

Actions are then invoked as set out in the standing work instructions, plus any additional activities that are considered necessary to contain and recover from the incident and implement contingency plans. Customers then receive confirmation that the affected business systems have been restored and that the required controls are operational to enable a return to normal working.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

As a SaaS provider with the majority of services deployed and supported remotely, Medius has minimal environmental impacts. To ensure that it operates in the most sustainable manner, Medius has a documented Environmental Policy that outlines the company's environmental commitments in every aspect of its operations. This is a continual and ongoing process, and the aim is to adopt a long-term, preventive approach using sustainable solutions in order to constantly improve on the company's environmental performance.

With the ultimate goal of contributing towards an ecologically sustainable society, Medius:
- Increases knowledge and raises awareness of environmental issues within the company.
- Follows the relevant environmental legislation and environmental regulations.
- Prioritises products that are safe, energy-efficient, and environmentally friendly in terms of future recycling and safe disposal.
- Prioritises environmentally labelled and recyclable products when making purchases for internal use. Sorts all waste and is aware of environmental considerations in relation to the maintenance of its properties.
- Partners with Veritree to plant a tree for every piece of content downloaded from its website.
- Provides ‘Cycle to Work’ and ‘Electric Vehicles’ salary sacrifice

Additionally, the solution is hosted by Microsoft Azure, which has been carbon neutral since 2012 and has a range of sustainability practices in place. For further information, please see: https://azure.microsoft.com/en-gb/explore/global-infrastructure/sustainability

Covid-19 recovery

As most of Medius Software's core business operation systems are cloud-based, the business could continue as usual during the uncertainty and disruption of the pandemic. Medius did not experience any significant impact to its normal services, with the software remotely deployed, maintained, supported and upgraded. Furlough was not required, with all staff able to work from home utilizing equipment, systems and processes that ensured the channels of communication with clients were not affected.

To aid social value recovery, Medius has committed to its growth and increasing employment and personnel development opportunities. A policy of flexible hybrid working has also been implemented to help with employee wellbeing and to fit with changes in circumstances.

Tackling economic inequality

Medius Software Ltd’s Head Office is based in Manchester, and employs a number of people from across the UK and within the local area. This has led to multiple employment opportunities being provided in the last 12 months. Medius is committed to increasing personnel development and new skills opportunities. Additionally, a policy of flexible hybrid working has been implemented to help with employee wellbeing and to fit with changes in circumstances as well as reduce the impact on the environment in relation to the office commute.

Medius also takes steps to minimise the gender pay gap and ensure that women and men are paid equally to do the same work. To ensure better outcomes for employees, Medius pays at least the National Minimum Wage, conducts an annual pay review and completes industry benchmarking exercises.

Equal opportunity

Medius respects the fundamental rights and international labour standards as set out in the UN Declaration of Human Rights and in the core convention of the International Labour Organisation and publishes an annual Modern Slavery and Human Trafficking Statement.

Medius is committed to creating a working culture that respects, celebrates and harnesses differences to the benefit of customers, employees, business partners and the wider community. Equality, human rights and diversity form part of Medius’ Corporate, Social and Responsibility Policy. The principle of equal opportunities for everyone in employment is an important part of Medius’ working culture. As such, Medius aims to have:
- A workplace free from discrimination on the grounds of age; disability; gender reassignment; marriage and civil partnerships; pregnancy and maternity; race; religion or belief; sex; and sexual orientation; and
- A recruitment programme that is based solely on the objective assessment of ability, qualifications and other job-related criteria.

Medius employees are expected to respect all individuals and each other’s rights, customs and traditions, creating a workplace that is based on mutual trust, and where every person feels responsible for the performance of the company.

Wellbeing

Medius invests significantly in employee wellbeing, partnering with organisations such as Unum that provide benefits free of charge to employees. These include physical and mental health support as well as online counselling.

For the wider community, the Medius Group and individual entities within it run a number of social and local initiatives. For example, in 2021 the Group selected Save the Children and donated $2,000 to their Afghanistan Crisis Children's Relief fund. Members of the Medius UK team have also worked with Choose Love, Mustard Tree and Manchester Homeless Donations. Medius Poland sponsors animals in a local zoo; runs a volunteer project to improve the plasma donation process; and supports Ukraine by sorting and donating clothes. Medius North America donated over $700 in monetary and physical donations to two local Jacksonville charities.

Pricing

Price
£34,770 a licence
Discount for educational organisations
No
Free trial available
No