Achilles Information Limited

Supplier Risk Management and Due Diligence

Achilles supply chain risk and assurance management platform. Collection and validation of supplier data with reports to ensure compliance which can be exported to P2P systems including SAP, Oracle, Jagger, Proactis, Coupa. Supports ESG, PPNs, the Procurement Act along with supplier search, selection, due diligence, carbon reporting, audit and training.

Features

• Cloud based supplier management platform
• Analytics including PPNs ESG Carbon reporting
• Sustainability, Ethics, Carbon & Modern Slavery conformance
• Supplier scoring
• Full procurement training for users
• Supplier data validation (in-house team)
• Watch List monitoring and alerts
• Cloud based platform solution
• 3rd party data enrichment
• Data export to P2P systems

Benefits

• Source from approved, qualified suppliers
• Analytics reporting to support decision making
• Easy for suppliers to submit data once visible many buyers
• Increased efficiency for procurement teams
• Receive Alerts on Supplier status changes
• Ensure your supply chain is Sustainable
• On-site Auditing service available
• Choose questions H&S, Environment, Carbon, Cyber, Modern Slavery, Sustainability
• All supplier data is fully validated
• Evidence compliance with PPNs and Procurement Act

£5,000 to £75,000 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jennifer.smith@achilles.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

830127142319698

Contact

Jennifer Smith
07917630010
jennifer.smith@achilles.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements:
  • Modern browser
  • Access to internet

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: During working hours 30 minutes response.; Online help articles available at weekends.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Via main website
• Web chat accessibility testing: Testing complete
• Onsite support: No
• Support levels: Dedicated Account Manager ; ; Technical level 1 to 3 support; ; Dedicated Supplier on-boarding manager
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We provide onsite training, online training, user guides and telephone support.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Users are given the option to extract a CSV file
• End-of-contract process: Access to the platform ceases at the end of the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: REST API to export supplier data
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Questions; Scoring; Assessment; ; Achilles works in partnership with each client to understand their specific needs and customise the service as required.

Scaling

• Independence of resources: Achilles uses load balancing to efficiently distribute incoming traffic across a group of back end servers

Analytics

• Service usage metrics: Yes
• Metrics types: System overview and audit tracking
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Via CSV or Excel extract
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.5% up time excluding planned maintenance
• Approach to resilience: No single point of failure in network and server design.; Protection for single component failure provided by Hardware Load Balancing and Server Clustering.
• Outage reporting: A hosted Service Status Page is available publicly.; Services and Hardware are monitored 24/7 with email alerts to Global support teams.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access is controlled through a Role Based Access model with data restricted to its intended audience.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 21/02/2019
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO27001 ensures policies and procedures are adhered to by all Achilles staff.; For example, a Security Incident would be raised to the Security Team and regularly reviewed by the Security Committee and Executive Board.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Changes are raised with documented risk assessments and clear implementations including rollback scenarios.; These changes are then Peer reviewed by a senior member of staff before being approved by a Technical Manager.; There is a regular CAB meeting to oversee all changes.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: All systems are patched on a quarterly basis through centrally managed mechanisms.; Zero day vulnerabilities are patched as soon as possible.; Security partners such as Microsoft, Sophos, Qualys and external hosting provider.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: All servers are protected by Anti-Virus, Service Incident Event Management (SIEM) log collection, and IPS/Firewalls.; ; Security Partner monitors events 24/7 and escalate incidents via agreed teams.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: As part of our ISO27001 accreditation we have an ISMS that all Achilles staff can access to report Security Incidents.; ; Incidents are then reviewed and correctives actions are taken if necessary.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Equal opportunity
  • Wellbeing

  Equal opportunity

  Policies and processes in place monitored and approved at board level

  Wellbeing

  Policies and processes in place monitored and approved at board leve

Pricing

• Price: £5,000 to £75,000 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jennifer.smith@achilles.com. Tell them what format you need. It will help if you say what assistive technology you use.