Embridge Consulting (UK) Ltd

Proactis Sourcing

Proactis Sourcing is a workflow driven, agile and simple to use collaborative platform from which users are able to conduct all their electronic tendering and procurement activity including simple quotes, single stage and multi-stage projects, frameworks and Dynamic Purchasing Systems (DPS), as well as electronic auctions.

Features

• Intuitive easy to use online e-procurement software, online help facility.
• Online questionnaire functionality.
• e-Auction module, including transformational bidding and Managed Auctions.
• Quick Quote Facility.
• Collaboration portals between buyers and suppliers.
• Supplier response wizard facility to submit compliant responses.
• Buyer wizard facility to create pre-built procurement processes and workflows.
• Evaluation module with side-by-side scoring.
• Staged evaluation process with moderation and short-listing.
• Promote to contract register facility.

Benefits

• Improved buyer compliance across the organisation.
• Greater visibility and transparency of buyer/supplier activity.
• Provides all evidence to assist with queries and clarifications.
• Enables easier answering of FOI requests around Procurement activity.
• Save time with easy document uploading, downloading and management.
• Reduces rekeying through FTS forms and promoting contracts to register.
• Track project progress, identify late tasks and alert appropriate stakeholders.
• Ongoing updates in line with procurement legislation changes.
• UK operated helpdesk with ticketing portal support

£12,450 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@embridgeconsulting.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

681962861763810

Contact

Emma O'Brien
01474555505
enquiries@embridgeconsulting.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Proactis Contract Management, Proactis Supplier Management, Proactis Purchase to Pay (P2P), Proactis Marketplace, Proactis Accounts Payable Automation.
• Cloud deployment model: Private cloud
• Service constraints: None.
• System requirements: All services are browser based using latest version of browsers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: For system related incident reporting/resolution, users raise a technical support ticket via our Helpdesk. The Support System is available 24/7/365, though tickets are only actioned during Helpdesk support hours (9:00am-5:30pm Monday to Friday (EU/UK/EST time) excluding Bank Holidays).; ; Tickets raised are managed in accordance with ticket priority levels/severity, linked to SLAs for response and resolution times as contained within the standard contract. The system is automatically monitored around the clock and issues escalated to relevant teams/individuals for investigation and remediation. Please see Maintenance and Support Services Terms attached.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Access to support and maintenance services is provided as part of the annual subscription fees. ; ; For all system related incident reporting and resolution, using secure, unique login details, users simply need to raise a technical support ticket in the first instance using the online Embridge ticketing portal. ; ; An Issue Resolution process with associated SLAs would then be followed. All service desk personnel are technical engineers equipped to deal with technical issues.; ; The Customer Support Helpdesk is available to provide support on system issues, i.e., errors seen in the system and/or if core functionality is not working as intended. They will also be the first point of contact if you wish to raise a change/enhancement to the solution. ; ; The Helpdesk operates from 9:00am until 17:30pm Monday to Friday (EU/UK/EST time) excluding Bank Holidays.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Implementation will follow our project and programme management methodology for implementation of software solutions. ; ; As part of our methodology, we can provide onsite training and/or online training, and we would refer you to our Lot 3 support services listings for further details on how the software would be onboarded if implemented by Embridge Consulting. ; ; As part of our standard approach, we provide training on the use of the system to the intended ‘Trainer’s’ of the end users, i.e., the System Administrator. Training is delivered on a standard training environment, and additionally, before entering UAT, the project team steps through the configuration with the Consultant on their environment. The aim is to ensure System Administrators have the skillset and tools to make the best use of the functionality, so they can then be self-sufficient in disseminating the training information to the end users. ; ; We adopt a knowledge transfer approach, ensuring the project team users are hands on with the application throughout the project by being involved in the configuration, build and testing, thereby ensuring self-sufficiency post project.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Word
• End-of-contract data extraction: Proactis provides an off-boarding process to provision complete copies of the Customer's data, normally in SQL backup format but other formats can be agreed.
• End-of-contract process: Within 14 days of termination Proactis will provide the Customer, in encrypted format, a full copy of their data in SQL format (other formats are available at additional costs). This is performed once, FOC, as part of standard off-boarding processes.; ; Any additional works required, e.g. extract of documents from data, querying or additional extracts of specific data are additionally charged based on requirements. ; ; Once data has been successfully transferred, Proactis will either destroy any data still in its possession, or anonymise if system integrity is affected by deletion.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The Service Interface allows users (Administrators, Buyers and Suppliers) to access the application via a GUI. Administrators can configure, manage and monitor all aspects of the system relating to their organisation. Buyers can manage and engage with their supplier base, initiate and participate in Tendering exercises and create and manage contracts with suppliers. Suppliers can manage their profiles, respond to buyer engagement requests and submit tenders.
• Accessibility standards: None or don’t know
• Description of accessibility: Proactis supports the requirement to make service functionality equally accessible for everyone. Proactis Research and Development (R&D) has invested significantly in developing solutions to materially comply with the WCAG 2.0 guidelines, and continues its approach in respective functional areas to further develop functionality to comply with components of WCAG 2.1. You can find the Proactis Accessibility Statements on our website at https://www.proactis.com/uk/policies/product-accessibility/
• Accessibility testing: Proactis has tested using these technologies ourselves, without involving third parties.
• API: Yes
• What users can and can't do using the API: Proactis solutions make use of various APIs for different operational purposes, including information and data management as well as integration into third-party line of business systems.; ; Across the solution set, SOAP and RESTful APIs are used and fully documented. Proactis will make use of these APIs as part of any implementation, although customers will be able to consume them themselves for use in additional integrations etc.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Whilst Proactis solutions are customisable, in general, the preferred mechanism to meeting an organisation’s solution requirements would be to address these through configuration in the first instance, and only look to customise beyond the out of the box functionality where this would be the only way to deliver an optimal solution.; ; The level of configuration available in the Proactis platform ensures that Customers can build both their current 'as-is' processes, as well as their future 'to-be' processes. This can be done by the Customer themselves, Proactis Consultants or any other suitable third-party.

Scaling

• Independence of resources: Proactis uses virtualisation and storage area network (SAN) technologies to deliver the solution to clients. The environment is constantly monitored to ensure that there are no capacity issues. This includes monitoring of both the physical host and virtual machines to ensure CPU, network, memory and disk utilisation are not exceeding usage thresholds. The infrastructure design allows us to quickly and easily add more capacity when required with little or no impact on service availability.

Analytics

• Service usage metrics: Yes
• Metrics types: These are configurable to the customer.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Proactis Supplier Management, AP Automation, Marketplace, P2P, Contract Management, Sourcing

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Access to the hosted environment is only by approved Proactis personnel commensurate to their requirement in order to provision the service. All data is encrypted at rest within ISO27001 certified data centres. This is implemented via hardware assisted heads on the storage arrays and is applied to all datastores. All data is held on a secure back end network and securables (e.g. passwords etc) are 1 way salt encrypted. The data encryption Algorithm used is AES-256-XTS.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: All Proactis solutions come with Advanced reporting tools allowing the customer to extract the data they require in the format they require it in.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • Word
  • Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Excel
  • XML
  • Text

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Availability of the Hosted Services, excluding scheduled downtime, shall be 99.5% at all times. Service Credits are payable on any failure of service that does not meet expect SLA’s. Please see Maintenance and Support Services Terms attached.
• Approach to resilience: Proactis operates its systems under no single point of failure. Additionally, warm DR systems operate in a separate data-centre, meaning live systems can be brought back with a 6hour RTO and 30minute RPO.
• Outage reporting: Proactis will notify any Customers affected should an outage occur by contacting the Customer's nominated representatives.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Support channels can only be used by recognised and registered personnel. Management interfaces, and access to them, are fully controlled by the customer who can assign roles and responsibilities as required.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus Isoquar
• ISO/IEC 27001 accreditation date: Last Audited September 2022
• What the ISO/IEC 27001 doesn’t cover: Nil
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: ISAE 3402 Type 1

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISAE 3402 Type 1; Cyber Essentials and Cyber Essentials Plus
• Information security policies and processes: Proactis is certificated to ISO 27001 and has a comprehensive suite of IS policies which are reviewed and updated each year internally by the appropriate teams. External audits of the system and processes are undertaken by Alcumus Isoqar, a UKAS accredited auditor on an annual basis. Security governance forms part of our certification. All new starters are required to read and confirm adherence to all policies and procedures, and at least annually all staff members must sign to state they have read and understood the IS policies and any updates during the period. Any failure is reported at Board level. As part of the externally-audited standards, Proactis has a dedicated, independent, Compliance Team, one of whom is also the Proactis Data Protection Officer. The team reports directly to the Chief Financial Officer. The Compliance Team is also supported by key personnel within the ITAS function (IT Availability Services).

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All source code is tracked through life using industry standard source control, which logs all changes made and impacts. Additionally, all changes made to our hosted environments follow a full electronic change control process. Both are audited as part of our ISO27001 accreditations.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Risk assessments are carried out at least annually by ITAS and Compliance. The infrastructure undergoes separate penetration tests conducted by an independent third party, with any outputs being assigned to a remediation plan.; ; We use a variety of sources to recognise potential threats. Internal and external vulnerability scans of our environments for known threats are undertaken using industry-leading software, with reports compiled and reviewed on a monthly basis. Additionally, any code fix issues can be patched and deployed within 24 hours depending on the severity of the issue.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Through our ISO/ISAE requirements, we have specific processes and procedures in place to actively monitor and react to any potential compromises, as does our Service Provider. This process includes Board Level notification of any such suspected breaches. If such a compromise is discovered then an immediate impact assessment is performed and necessary actions taken based on this review. Normally we would inform any customers affected as soon as is practical, except for where criminal investigations must take place, in which case notifications would be done as soon as authorised by relevant authorities.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: The Proactis documented Incident Management process is audited through our ISO/ISAE accreditations. There is scope designed within the process to allow for RCAs, forensic analysis and so forth, based on the type and severity of incident.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our services can be delivered entirely remotely, reducing carbon footprints through the removal of travel and reduction in carbon emissions, helping companies and organisations in their drive towards net zero. We are ISO14001 accredited and will always strive to influence staff, suppliers, customers, and communities to leverage the most environmentally advantageous routes to desired outcomes, including where feasible remote delivery and paperless engagements.

  Tackling economic inequality

  We look to increase supply chain resilience and capacity. We are proud to be a Supporting Member of the Social Enterprise UK, which is the leading global authority on social enterprise partnering with and supporting social enterprise and increased social value in local and national communities across the UK. As an SME and with a keen interest in helping UK / local social enterprises (SEs) and SMEs build and grow, we look to engage SEs and SMEs wherever we can within our supply chain.

  Equal opportunity

  We are a Disability Confident Employer and an Equal Opportunities Employer. We are proud of the employment practices under which we operate and invest heavily in sustaining a positive, supportive, and flexible workplace culture. Embridge Consulting is committed to promoting and delivering equality, diversity, inclusivity, and positive culture in the local and wider communities. A Supporting Member of the Social Enterprise UK, and a certified Disability Confident Employer, we do not believe that individuals should be measured or determined by characteristics, but by what they can do and deliver. We are a wholly inclusive employer who will always look to recruit and onboard people with the right work ethos and behaviours, as well as exceptional skills and knowledge, priding ourselves on always being able to say that we promote fairness across all of our actions. Embridge Consulting is proud of its commitment to actively support fair and equal treatment, overcoming inequality, and helping to bridge the gaps and allow people opportunity to realise their full potential. As part of our ethos, behaviours, and Disability Confident certification, we actively influence staff, suppliers, customers and communities to support disabled people and promote the representation of disabled people in a workplace setting. ; ; We take great care to ensure that all our staff and those whom we can impact in a positive way are free from discrimination, restraint, or unfair or poor treatment, believing in the value of human beings and the contribution an individual can make for the better of our local and wider communities. We do not behave or act in a way which is contrary to these beliefs, and we would disengage immediately with any partner or business we felt to be behaving against our approach to equality and fair treatment.

  Wellbeing

  With our positive and supportive culture of fair and equal treatment, respect, and care, we utilise our skills and abilities to deliver the best we can for the people who matter – our staff and our communities. At Embridge Consulting, our staff are given a variety of wellbeing mechanisms from Day One of employment. We have in place comprehensive support for our team members and their families and we actively encourage open conversations and collaboration on identifying wellbeing challenges and how to support resolutions for people. We have Mental Health First Aiders across our organisation who support our team members experiencing challenges and are able to lead information dissemination on wellbeing best practice and approaches to better wellbeing, physical, and mental health. We are always looking to open dialogues and drive conversations about wellbeing and influence staff, suppliers, customers, and communities to take wellbeing seriously and drive better focus on wellbeing and positive impacts across individuals and communities.

Pricing

• Price: £12,450 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@embridgeconsulting.com. Tell them what format you need. It will help if you say what assistive technology you use.