Skip to main content

Help us improve the Digital Marketplace - send your feedback

Basware Holdings Limited

Basware ePayments

A card enabled prompt payment service enabling buyers to pay suppliers using virtual procurements cards. Providing enhanced VAT-compliant line level data for easy reconciliation of transactions using existing monthly card statements. The use of a master merchant means that suppliers do not have to accept procurement cards to receive payment.

Features

  • Pay suppliers using virtual procurement card without issuing physical cards
  • All the benefits of procurement cards including rebates and insurance
  • Full line item level data (level 3 data)
  • Enhanced data including finance codes etc on statement for reconciliation
  • Reconcile payments using your existing card solution
  • Line level VAT data for VAT reclaim
  • Suppliers paid by Faster-Payments so don’t need to accept cards
  • Suppliers paid using master merchant within 72 hours

Benefits

  • No invoice processing
  • Meet prompt payment guidelines
  • Improved cash-flow for buyers and suppliers
  • Extend categories of spend being paid safely using procurement cards
  • Increase rebates
  • Optimal efficiency – end-to-end electronic paperless process
  • Process integration efficiencies without costly integration
  • Seamless – no need to change processes
  • Services of a master merchant means inclusion for SMEs

Pricing

£0 a unit a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info.uk@basware.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

7 6 0 5 6 4 4 5 1 0 7 9 4 0 1

Contact

Basware Holdings Limited Paul Newman
Telephone: 0845 603 2885
Email: info.uk@basware.com

Service scope

Software add-on or extension
Yes
What software services is the service an extension to
Basware ePayments is an extension to the Basware Marketplace service that enables payments to be made to suppliers using a virtual card. It has pre-built integration with solutions from vendors including: Oracle, SAP (including Ariba), Unit 4, Advanced Business Solutions, Proactis, Civica, Integra and Capita.
Cloud deployment model
Public cloud
Service constraints
We operate a rolling maintenance programme, with releases normally scheduled on monthly basis outside of core hours. The release schedule is designed to protect the live computing environment through the use of formal processes and procedures and to facilitate software and possibly hardware releases into the managed IT environment. The timing and activities of the planned maintenance will be in accordance with the schedule unless otherwise specifically agreed and will be carried out during non-core hours with release notes provided to nominated customer contacts.
System requirements
User access via a supported browser (TLS 1.2 or higher)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 1 hour during normal business hours Monday to Friday, excluding Bank Holiday and weekends.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
ServiceNow test the accessibility of their products using the assistive technologies JAWS, NVDA, and VoiceOver.
Onsite support
Yes, at extra cost
Support levels
Basware offers two elements of post go live services to its customers in the areas of Service Desk and Customer Service Management. The Service Desk provides a channel of communication, information, and resolutions to customers in connection with assistance for unplanned interruptions to a Service or a reduction in the quality of a service or requests for a task or action to be performed or information be provided. The service operates several different service levels which:
1) Determine the response times dependent on severity of the incident raised
2) Support targets for the levels of marketplace availability
3) Assist in the management of interruptions to service for planned maintenance and upgrade.
Designated Customer Service Managers work with our customers to understand their business strategy and development plans to assist the customer in realising the business value from their solution and Basware experience. The CSM will work with the customer to understand their processes, internal key performance indicators including driving supplier adoption. The CSM will also build the improvement roadmap in collaboration with the customer and support the customer with incident escalation via the service desk where required.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
There are four distinct phases to the implementation of the Basware Marketplace:
(1) The project Start-up, working with Basware consultants this phase will lay the foundations for a successful implementation.
(2) The Build phase then includes delivering the technical integration and organisation readiness activities needed to utilise the system.
(3) Following the build comes a Launch and Run phase where the customer organisation goes ‘live’ with the system and shifts from pure project to an operational setting and eventually full business as usual and,
(4) Finally Advance which transitions from delivery of phase 1 of the solution back in to iterative cycles of Build and Launch to deliver additional functionality, process, content and/or users across the organisation until the projects objectives are met.
These project phases are supported by the Project Management, Senior project sponsorship and Stakeholder engagement activities that are critical to the project’s success.
On-site training is provided during the build phase on a train-the-trainer basis and the implementation and operations are fully supported with additional material such as online documentation training videos.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
As it is an entirely managed service it is simply a matter of ceasing access to the service and ensuring that all client owned information is returned to them. This is part of the service provided. If the service is terminated then all business documents and associated metadata held within the Customer's systems can be exported using the application's export functionality by the Customer. Metadata will be in human readable format.
End-of-contract process
On completion of the call off, we can simply cease the services and the processes for doing so are clearly articulated within the arrangement. As it is an entirely managed service it is simply a matter of ceasing access to the service and ensuring that all client owned information is returned to them. All confidentialities relating to the services are maintained indefinitely as part of the arrangement.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Many pages are optimised for screen size and touch
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
The service interface is accessible either via direct login or via Punch-Out. The service interface provides access to both the procurement and system administration tools. System administration tools are only accessible via direct login. The system functionality available to each user is determined by their role. The role for each user is determined by the system administrators. When accessing the solution via Punch-Out, the system administrators can also determine which procurement functions are available to their end users as well as the catalogues and content that they have access to.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Internal testing using tools to verify the level of compliance with WCAG standards.
API
Yes
What users can and can't do using the API
There are two principle APIs for the service:
1) Punch-out API. This is an API that enables customers to access the system from their own ERP/P2P system. It supports industry standard punch-out mechanisms including cXML, Oracle OAG XML and OCI. Once they have accessed the system, the users are able to undertake various activities on the platform based upon their user role.
2) Transaction Engine API. The transaction engine is a sophisticated and proven middleware platform that enables integration between customer and supplier systems for the transmission and receipt of transaction documents such as purchase orders and invoices. The transaction engine supports a wide variety of options and can be configured to interface with virtually any end system using various API types.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
No

Scaling

Independence of resources
Basware uses databases with sharding to separate customers over multiple database instances. Our platform is based on parallel micro services running over multiple virtual servers in the cloud. We also use queuing and batching for large tasks to reduce load issues. CPUs, memory and instances are all flexible in the cloud.

Analytics

Service usage metrics
Yes
Metrics types
We provide monthly reporting to customers that includes:
- Service desk calls showing split by incident/request including priority
- Service desk performance (open/closed calls)
- System availability
- Service desk availability
- Transaction volumes/values
- Spend analysis by commodity
- Supplier volumes
- Supplier status reports
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
The service can be scheduled to export data and image files on a regular basis. Documents can be bulk uploaded in XLS, XML and CSV formats. Basware can support virtually any structured data format.The service will export individual transactions either grouped into a batch or as separate invoice sets (content, image & attachments). The latter is the more common method of transfer. These can be Zipped and signed as required.
Data export formats
  • CSV
  • Other
Other data export formats
XML
Data import formats
  • CSV
  • Other
Other data import formats
XML

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Service availability is 99.9% of time during a combination of Core and Non-core hours. Core Hours is classed as 0800 to 1800 Monday to Friday (excluding Bank Holidays) and Non-Core Hours is all other times.
Non-Core hours can be reduced by 12 hours per month for planned maintenance and 48 hours in the month of a major upgrade.
A service credit regime is included as part of the Service Level Agreement.
Approach to resilience
Available on request
Outage reporting
Email alerts

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Basware has documented logical access controls, for requesting and granting access rights to production systems and applications. Access is on a role-based model, approved by management. Access rights are removed from operating systems and applications immediately after termination/transfer of employment and specific notification from HR or supervisors. Access profiles defining roles based on user job functions are documented and used to restrict access. These follow the principle of least privilege. Root, Administrator and other privileged operating system level access to production system is restricted to authorised individuals. Operating system and applications are configured to enforce minimum requirements for password quality/expiration.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
DNV GL Business Assurance Ltd
ISO/IEC 27001 accreditation date
17/04/2024
What the ISO/IEC 27001 doesn’t cover
The service is fully covered by the certification.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Basware’s UK services are operated under an ISO 27001 ISMS certified by a UKAS accredited certification body and a Cyber Essentials Plus certification.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
The Basware solution has been built to be managed by our customers and configuration changes would typically be carried out by the customer organisation. Basware's software as a service offering does not work on the approach that our customers are buying services from us for configuration changes. If Basware is required to make changes then a formal and documented change management process must be followed. Configuration changes are documented as change request tickets.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Systems are scanned for vulnerabilities at regular intervals. Customer production systems are scanned weekly. Customer and internal IT production systems are scanned internally with privileged system credentials for: hard-to-find vulnerabilities and configuration errors, installed software patches, and system configuration compliance against applicable benchmark standards. Risks are recorded in a risk register. The risk assessment includes business impact assessment, threat assessment, and vulnerability assessment. Risk management includes risk mitigation actions, risk avoidance, risk transfer, and risk acceptance in full or in part. Risk mitigation may include preventive, reactive, and corrective actions. Reactive and corrective actions are triggered by risk realisation.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
If production systems and business applications generate security events, for example both successful and failed instances of user logon and logoff, changes in privileges, such as user and access management, software changes and removal, system and application configuration changes, and significant system events. Create, read, update, and delete access on customer data is monitored. Exceptional access (outside of standard data flow) generates security events. Security events are transferred to a secure monitoring system as soon as events are generated and buffered locally to prevent event loss in case of break in communications with the secure monitoring system.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Production environments are monitored for incidents and failures and incident tickets are opened for anomalies. Monitoring includes internal and external performance. Production environment activity is monitored by reviewing most common system and application log events in weekly meetings. Event logs are collected and stored. A service level agreement (SLA) for service availability and performance is in place. Performance against the SLA is monitored, measured and reported to customers on a monthly basis including statistics on incident management.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
Health and Social Care Network (HSCN)

Social Value

Social Value

Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

Fighting climate change

We are committed to reducing our environmental impact, particularly our carbon footprint, through our solutions which we innovate for customers and our day-to-day business operations. Reducing our carbon footprint through our business operations is accomplished through a two-pronged strategy centered on creating sustainable offices and reducing emissions from business travel and commuting. Whilst we recognize our journey towards achieving net zero emissions is just beginning, we are pleased to share that we are continuing to make promising progress.

Equal opportunity

Our goal is to empower all employees to bring their authentic selves to work, knowing that their unique perspectives and experiences contribute to our collective growth. Together, we strive to build a culture that embraces diversity, promotes equity, and celebrates the power of inclusion. Our Employee Relations Policy outlines our commitment to promoting DEI&B within the organization, resulting in a respectful and productive work environment. Our Code of Conduct emphasizes the company’s commitment to diversity by recognizing and respecting all individuals regardless of race, sex, religion, political beliefs, disability, sexual orientation, gender identity, social status, age, or any other legally protected status.

Wellbeing

Our employees’ health and happiness have an impact on their engagement and productivity, as well as the company’s success. We are committed to promoting our employees’ wellness through a comprehensive set of tools (listed below) that empower individuals, foster community, and promote overall wellbeing. By investing in these, we hope to create and maintain a healthy work environment in which employees can thrive professionally and personally. We want to contribute to a sustainable and socially responsible future by aligning with ESG principles and having a positive impact on our workforce and beyond, using strategic pillars, clear objectives, and a robust set of tools.

Pricing

Price
£0 a unit a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info.uk@basware.com. Tell them what format you need. It will help if you say what assistive technology you use.