GSPV LTD

Accounts Payable Control Centre

AI-powered software that bolts onto your finance systems to enhance Accounts Payable controls, automate tedious tasks and deliver meaningful insights.

Features

• On-going payment audit
• Automated supplier statement reconciliations
• Intelligent inbox management
• Ticketing
• Retrospective AP audit
• AP reporting
• Master vendor file data cleansing and enrichment

Benefits

• Proactively capture duplicate invoices
• Proactively detect fraudulent payments
• Mitigate AP risk
• Protect working capitol
• Prevent third party audit fees
• Identify missing credit notes
• Identify missing invoices
• Improve payment on time metrics
• Adhere to supplier SLAs
• SOX compliance

£40,000 a licence

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.roiter@xelix.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

685006728337076

Contact

Paul Roiter
07903 276 249
paul.roiter@xelix.com

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: Add on to the company's financial systems such as SAP, Oracle, JD Edwards, Microsoft Dynamics 365, etc.
• Cloud deployment model: Public cloud
• Service constraints: Accessed via any modern browser
• System requirements:
  • Any modern browser
  • Internet access

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 24 business hours
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: Each client is assigned a client success manager who will ensure your support requests are resolved within agreed SLA support times
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide online or in-person training (location dependant) to all end-users on the platform
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Clients can request data to be extract from the platform and users have the ability to extract data.
• End-of-contract process: No additional costs at the end of contract. All data will be deleted from the platform.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: No
• Customisation available: Yes
• Description of customisation: Data, reports, rules, look and feel to an extent.; Users have access to create and modify dashboards, customise views and sort/filter.

Scaling

• Independence of resources: Platform is fully multi-tenented and supports auto scaling

Analytics

• Service usage metrics: Yes
• Metrics types: We can highlight invoice and vendor errors that have been actioned, and which remain to be actioned.; ; All vendor reconciliations are tracked and displayed via dashboards.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Through the platform.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Excel
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection between networks: We do not run a corporate network - all platform infrastructure resides within a private network in AWS
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: 99.9%
• Approach to resilience: The platform is built across multiple availability zones and is architected for High Availability
• Outage reporting: Via e-mail through your allocated Client Success Manager

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: User have no access to the platform management controls. There are only 2 tiers of users in the platform, with the Administrator users having access to additional dashboards, user management etc.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Approachable Certification Ltd
• ISO/IEC 27001 accreditation date: 22/10/2022
• What the ISO/IEC 27001 doesn’t cover: Client Financial Reporting - Xelix is purely an analysis platform
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: SOC II Type 2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: SOC II Type 2
• Information security policies and processes: ISO27001 and SOC II policies and controls are in place

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change requests follow a process defined in ISO 27001 to include a risk assessment, peer code review and deployment plan.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Should a vulnerability be found through internal testing, vulnerability scans or penetration testing then a ticket is made to document and track progress until it is resolved.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Numerous application monitoring and alerting systems are in place which trigger alerts for events such as abnormal CPU load, low disk space, unusual database activity and so on.; Potential compromises are raised and treated with the highest priority and given immediate attention.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incidents are managed via our Incident management policy as part of our ISO27001 framework

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  We offset 100% of our carbon emissions as a business each year

Pricing

• Price: £40,000 a licence
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.roiter@xelix.com. Tell them what format you need. It will help if you say what assistive technology you use.