CIMPLE LIMITED

Cimple Dynamic Purchasing Systems

Cimple Dynamic Purchasing System (DPS) enables buyers to manage more complex procurement requirements and supplier lists. Suppliers can apply to the DPS at any point, and successful suppliers can be made available for services immediately. Create a DPS and quicken up your procurement processes.

Features

• Users are enabled to create accounts on Cimple
• Owners can set organisation permissions
• Add/remove and change users/user permissions
• Qualify suppliers onto your DPS
• Qualify other public sector customers to access your DPS
• Create a local list of suppliers utilising the location functionality
• Publish, be matched with suppliers and receive responses
• Evaluate, shortlist and award
• Manage all opportunity activity

Benefits

• Easy to create and publish your DPS
• Unlimited users allowed for every organisation
• Procure compliantly with contacts pushed to Contracts Finder/Find a Tender
• Engage directly with your suppliers
• Increase your social value with our built-in social value assessment
• Create mini-competition notices off the DPS
• Increase commercial savings and reduce operating costs
• Be intelligently matched with suppliers (including SMEs)
• All your procurement on one platform, save your email inbox
• Total price transparency, directed to the best deal

£500 to £500 a licence a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at team@cimple.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

786385387378189

Contact

Wyndham Plumptre
07971045637
team@cimple.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements: All services are browser based using latest version of browsers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 48 hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide one fully comprehensive level of support. The support desk is available from 9.00am to 5.00pm Monday to Friday. We have a team of full time staff.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite training, online training and user documentation as required.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Within 30 days of termination customer is provided data in the format of their request.
• End-of-contract process: Data extraction and managed off-boarding through our Customer Success team.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Other than the user interface being built for mobile there is no difference in the experience or the service.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: No
• Customisation available: No

Scaling

• Independence of resources: Cimple has been built to be used by 1000s of organisations in parallel. We have built sufficient capacity into the Finder platform, ahead of customer demand. The infrastructure is continuously monitored and additional capacity is implemented as existing capacity nears predetermined thresholds.

Analytics

• Service usage metrics: Yes
• Metrics types: Please speak to your Cimple Customer Success Manager
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Requested through Cimple with 48 hour SLA.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9% during core business hours (9am-5pm), Monday to Friday, excluding English bank holidays.
• Approach to resilience: We operate our systems under no single point of failure.
• Outage reporting: Cimple will notify any customers should an outage occur through our Customer Success Managers.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: Currently implementing other authentication techniques including 2FA and should be in place before the start of the framework.
• Access restrictions in management interfaces and support channels: Support channels can only be used by recognised and registered personnel. Management interfaces and access to them are fully controlled by the customer who can assign roles and responsibilities as required.
• Access restriction testing frequency: Less than once a year
• Management access authentication:
  • Username or password
  • Other
• Description of management access authentication: Currently implementing other authentication techniques including 2FA and should be in place before the start of the framework.

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International
• ISO/IEC 27001 accreditation date: 20/08/2021
• What the ISO/IEC 27001 doesn’t cover: QMS perform our annual audit for recertification, therefore any changes or enhancement to Cimple during the year are then caught and reviewed in the next certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: All security certifications requested in process of being obtained

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Security governance is a defined operating procedure for the business and available on request. All staff members must sign to state they have read and understood the Information Security Policy and this to be repeated annually.All new starters are required to read and confirm all policies and procedures and again at least annually.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All our source code is tracked through life using Notion and stored on Github.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We use a variety of sources to recognise potential threats, we also scan our environments for known threats on a weekly basis. Additionally, any code fix issues can be patched and deployed within 24 hours depending on the severity of the issue.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We have specific processes and procedures in place to actively monitor and react to any potential compromises. If such a comprise is discovered them an immediate impact assessment is performed and necessary actions taken based on this immediate review. We inform any customers affected as soon as is practical except for where criminal investigations must take place, in which case notifications would be done as soon as authorised by relevant authorities.
• Incident management type: Supplier-defined controls
• Incident management approach: Our incident management approach varies dependent on the incident.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Through G-Cloud 13, Cimple will track all Social Value metrics associated with the Social Value Policy 2020 on every contract and mini-competition issued. Also as an organisation, we promote a full remote working environment to support a reduction in our organisations impact on the environment through reduced travel.
• Covid-19 recovery:

  Covid-19 recovery

  Through G-Cloud 13, Cimple will track all Social Value metrics associated with the Social Value Policy 2020 on every contract and mini-competition issued.; ; As an organisation, we can also break this down into two areas of (a) Job Creation post Covid-19 and (b) Support for Physical and Mental Health for those affected by Covid-19. ; ; Job creation post COVID19: We are part of the kick-start programme and look to offer job or training opportunities through that programme as part of any new contract. On each contract we offer a free resource for our customers that are provided through that programme so that the individual can get the real experience required to then take on a full-time role within our organisation.; ; Support for Physical and Mental Health for those affected by COVID19: Over the last 18 months we have signed a number of mental health and well-being initiatives e.g. the Mental Health at Work Commitment. Well-being is now a key operational programme within our organisation providing support to our teams and has Exec Level and Non-Executive Board oversight.
• Tackling economic inequality:

  Tackling economic inequality

  Through G-Cloud 13, Cimple will track all Social Value metrics associated with the Social Value Policy 2020 on every contract and mini-competition issued. We currently run an internship programme that aims to provide up to 5 internships every year into our organisation of which the aim is for all of those to lead to full-time roles. These internships are based on any point in someone’s career, not just post-Graduate. Cimple, also helps improve the experience for SMEs and VCSEs on bidding on Government and Private Sector contract opportunities. This helps to reduce their costs of bidding on work as well as increase outcomes. We are ISO27001 accredited as well as Cyber Essentials & Cyber Essentials Plus helping us to mitigate the risk and impact of cybercrime.
• Equal opportunity:

  Equal opportunity

  Through G-Cloud 13, Cimple will track all Social Value metrics associated with the Social Value Policy 2020 on every contract and mini-competition issued. Also as an organisation, we have a clear diversity, equality and inclusion policy that is embedded in our recruitment and performance management processes. Secondly, we also track and report to our Non-Executive Board diversity metrics related to people and track risks/issues that are being faced with clear action plans. Thirdly, we partner with a neuro diverse consultancy that provides resources to our projects where the consultants, analysts and researchers suffer from ADHD, Dyslexia and Autism. Lastly, we have a clear modern slavery policy and track this as a risk through our broader supply chain partners (reporting to our Non-Executive Board).
• Wellbeing:

  Wellbeing

  Through G-Cloud 13, Cimple will track all Social Value metrics associated with the Social Value Policy 2020 on every contract and mini-competition issued. Also, as an organisation, we have a Wellbeing Lead within our organisation and the Wellbeing action plan is reported on to our Non-Executive Board. We have also signed several wellbeing initiatives including: The Global Business Collaboration for Better Workplace Mental Health, Living Wage Foundation, Mental Health at Work Commitment, Lord Mayor's Appeal This is Me.

Pricing

• Price: £500 to £500 a licence a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Our solutions is free to access for users to trial at their own wish. We only ever apply transaction fees at the point of transaction.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at team@cimple.uk. Tell them what format you need. It will help if you say what assistive technology you use.