CIO-OFFICE LLP

Spend Analytics

Our Spend Analytics service answers the ‘Spend Cube’ questions; who is buying what, from whom and at what price, and provides the foundation for evidence based strategic procurement.

We provide a platform for spend management and strategic procurement. Our data driven approach demonstrates the change impact on your business.

Features

• Links to SAP and other external sources
• An easy to use Dashboard based user interface
• Keyword search
• Invoice level search features
• Payment term analysis
• Number of suppliers per category
• Geographical information
• Category and supplier spend
• Configurable reports and dashboards

Benefits

• Rapid deployment – Quick Win program
• View actual spend and suppliers
• High Value – Tail Spend – Pay Term alignment
• Line item “free text” analysis – high value phrase
• Analyse, identify and prioritize savings opportunities
• Create categories based on actual spend
• Establish health of invoicing / detail level provided
• Identify opportunities for behavioural change
• Consolidate, aggregate, improve

£3,000 a unit a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at roy.irvine@cio-office.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

806226962741036

Contact

Roy Irvine
07833207816
roy.irvine@cio-office.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: No service constraints
• System requirements: Standard javascript enabled web browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Email questions are provided with an initial response within 2 normal working days (9.00 am to 5.00 pm, Monday to Friday). Cases are prioritised according to business impact.; P1 - Service is unavailable and normal business cannot continue; P2 - Service performance compromised, some elements unavailable; P3 - Service fully available with workarounds; P4 - Service available but with cosmetic errors; ; Further response times are based on priority and complexity.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Specific support requirements are agreed and a technical account manager is identified at time of deployment.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We will support you through the provision of an initial discovery stage where diagnostic workshops will be carried out. A data transformation stage extracts PO & Invoice data to create the data warehouse. A calibration step processes the data to identify stop-words, calibrate word groups, assign GL codes and customer taxonomy. The data is also de-duplicated. Change control is applied to ensure data integrity. We will then configure your dashboard using standard views and creating any custom views that may be required by stakeholders such as Finance, Procurement teams and Category Leads.
• Service documentation: No
• End-of-contract data extraction: Data can be exported in MS Excel format.
• End-of-contract process: At end of contract all customer data will be returned to the client in the format provided. Dashboard access rights are withdrawn. All customer profile information is deleted. Customer data is deleted.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Pages are mobile aware. There are no operational differences.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: The initial 'discovery' stage identifies any custom data views required by the customer stakeholders. These are configured and made available by CIO-OFFICE and made accessible via the online dashboard.

Scaling

• Independence of resources: CIO-OFFICE use Microsoft's Azure platform to ensure that computational and storage resources can be scaled quickly to meet user demand.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Data at rest is stored within Microsoft's secure Azure cloud. Microsoft is recognized as an industry leader in cloud security. A defense-in-depth strategy protects data through multiple layers of security (physical, logical and data). This includes:; * Port scanning and remediation; * Perimeter vulnerability scanning; * Operating system security patching; * Network-level distributed denial-of-service (DDoS) detection and prevention; * Multi-factor authentication for service access.; ; Leveraging Microsoft's cloud platform ensures secure, scale-able and resilient hosting.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data is exportable by the customer in MS Excel format.
• Data export formats: Other
• Other data export formats: MS Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats: MS Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Service levels are agreed to reflect the requirements of individual customers. The Azure platform provides accessibility in excess of 99.95%.
• Approach to resilience: CIO-OFFICE use Microsoft's Azure Enterprise 365 E3 platform to ensure datacentre setup resilience. The platform provides availability in excess of 99.95%.; The setup utilises multiple layers of hardware redundancy, dynamic failover, multiple datacentres and service backup and restore.
• Outage reporting: Service outages are reported by email alert to a nominated customer representative or representatives.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access restrictions are inherent within the system and are managed via the system's administrative interface.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Security governance is approached in line with the requirements of ISO27001.
• Information security policies and processes: CIO-OFFICE follows security policies and processes in line with ISO27001. Information security is overseen at board level.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: CIO-OFFICE operate an Agile development lifecycle with defined sprint and release cycles. These are managed and controlled at board level.; All software changes are assessed for security impact prior to release with roll-back to previous release level if necessary.; ; Testing and development is done in specific environments and the maintenance of version control ; change management covers all operational processes and procedures. Changes take place with minimum of disruption to the service. All raised change requests are submitted to Change Management for approval. Approved changes are scheduled and proceed to completion.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: As the service is provided through the Azure platform, system threats and operational vulnerability are managed by Microsoft. The service is monitored using tools provided by Microsoft Azure and other service components.; ; Service vulnerability patches are RAG risk assessed on the basis of likelihood and impact, and deployed as soon as is practicable.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: CIO-OFFICE uses available monitoring tools to identify any potential compromise to the service, in line with industry best practice. After assessment, and if appropriate all users of the service will be notified by urgent email of a potential compromise. Any vulnerability will be addressed and patches applied. The service will only be suspended under extreme circumstances, where the assessment deems it appropriate.
• Incident management type: Supplier-defined controls
• Incident management approach: CIO-OFFICE have a defined incident management process in line with industry best practice. User identified incidents are reported by email and escalated to the appropriate service delivery point for resolution. The responsible Director will also be informed. Incidents are tracked from report to resolution with regular user updates by email and/or telephone as appropriate. The affected users will be notified by email on resolution.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  CIO-OFFICE is a low carbon business. We take our commitments to fighting climate change seriously and for any engagements through this contract we will reduce business travel carbon emissions and continue to promote collaborative technologies and allow people to work together without needing to travel. Specific action we would take to support a client with this theme would depend on the scale and scope of the engagement, and the Social Value Model Award Criteria deemed relevant to the contract.

  Covid-19 recovery

  CIO-OFFICE is committed to supporting the recovery from Covid-19. We offer upskilling for our people in the new ways of working and making our spaces Covid-secure to allow for safe working. We also provide experienced resources to the government to deliver new programmes at short notice, enabling the country to respond to and recover from the pandemic swiftly. Specific action we would take to support a client with this theme would depend on the scale and scope of the engagement, and the Social Value Model Award Criteria deemed relevant to the contract.

  Tackling economic inequality

  CIO-OFFICE commitment to having a positive impact on society is a long-lasting one. We understand that we have a responsibility to our communities, both those we work in and beyond to help reduce inequality, raise aspirations and promote social and digital inclusion. Specific action we would take to support a client with this theme would depend on the scale and scope of the engagement, and the Social Value Model Award Criteria deemed relevant to the contract.

  Equal opportunity

  CIO-OFFICE beliefs and principles are at the heart of everything we do, ensuring our approach and delivery supports the basis that all human beings are born free and equal in dignity and rights. We are committed to ensure all our business practices are conducted in an honest, transparent, inclusive and ethical manner. This includes, but is not limited to, our commitment to recruiting, developing and retaining the most talented people regardless of background. Specific action we would take to support a client with this theme would depend on the scale and scope of the engagement, and the Social Value Model Award Criteria deemed relevant to the contract.

  Wellbeing

  We pride ourselves on promoting wellbeing for our people, and as part of our engagement with clients we always recognise the importance of health and wellbeing in enabling the team to be at their best and focus on the most impactful areas. We also provide a subscription to the ‘Headspace’ app for all staff, which provides mental health support and exercises. Specific action we would take to support a client with this theme would depend on the scale and scope of the engagement, and the Social Value Model Award Criteria deemed relevant to the contract.

Pricing

• Price: £3,000 a unit a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at roy.irvine@cio-office.com. Tell them what format you need. It will help if you say what assistive technology you use.