Moore Stephens Insight Limited

Vena – Planning, Budgeting and Forecasting Solution Integrated with Excel

Vena's CPM platform combines deep FP&A planning capabilities, AI-powered reporting and analytics, flexible workflows and robust data governance with the productivity, collaboration, and innovation of your Microsoft applications. Vena is natively integrated with Excel, Microsoft 365 and Open AI technologies to empower Finance teams- complete planning platform with enterprise-level scalability.

Features

• Integrated software for business planning across the whole organisation
• Consolidated reporting in real time
• Workflow automation for key processes
• Full audit trail of user inputs
• Native integration with Excel
• Data source system agnostic with APIs, native connectors and ETL
• Ease of use, purpose-built for Finance without expensive third-party support
• Dashboard reporting with embedded Microsoft Power BI
• Visibility of financial and non-financial performance
• Integrates with ERP solutions

Benefits

• Reduced costs of ownership in medium term
• Increase user adoption and utilisation with familiar native Excel interface
• Connect multiple data sources into a single source of truth
• Increased visibility over key financial reporting and planning processes
• Ensure data integrity and accurate reporting with real-time data refresh
• Significantly reduced lead times for key processes including monthly closedown
• Automate spreadsheet-based processes with full auditability and transparency
• Automate business-wide processes with Vena's applicability across multiple use cases.
• Lower your upfront investment, and see value faster
• Secure financial data with advanced security features and role-based permissions.

£125 to £850 a user a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@moore-insight.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

831681457109982

Contact

Antonia Martin
020 7952 4690
info@moore-insight.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: Not applicable
• System requirements: Internet connectivity

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Maximum first response wait of 1 business day.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Via the support pages on the website, or via the Help feature embedded into the Vena application.
• Web chat accessibility testing: Not known
• Onsite support: Yes, at extra cost
• Support levels: Standard Support Plan; Every customer has access to our Standard Support Plan for online and telephone support, including:; • 24/7 application monitoring; • Help desk phone and email support from 24/5 Monday-Friday; • Unlimited case submissions; • Up to 3 Power Users to contact Vena support; • Maximum first response time of 1 business day; • Access to the Vena Customer Portal, online videos, FAQs, user guides, and a community help forum in our knowledge base; • A dedicated Customer Success Manager to help recommend products, services, and processes to help you get the most out of Vena; ; Extended Support Plan; For after-hours support and accelerated response times, our; Extended Support Plan combines all the services of our Standard Support Plan with:; • 24/5 Help Desk with on-call telephone support; • Maximum first response time of 2 hours for Severity A issues; • Up to 20 Manager or Administrator users to contact Vena support
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Training is provided as well as a range of consulting services to assist with implementation and data import etc.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Online learning portal with Video Tutorials
• End-of-contract data extraction: Customers can easily access their data by doing a mass or queried export within the Vena application. Vena supports .csv format for data export.
• End-of-contract process: Contracts are normally renewed on the contract anniversary. If a customer wishes to terminate the contract then all customer data is permanently deleted.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Same functionality. It is not a separate mobile application, rather Vena users can easily log into the application via any mobile device through their mobile browser.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: The Vena API is a REST API that allows users to; • Retrieve template information; • Upload files to steps; • Create jobs; • Edit jobs; • Run jobs; • Export Data
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Vena provides a fully configurable set of tools that does not require code customisation.; ; This includes data modelling, workflow management and template/report design, which leverages all the capabilities of a native Excel interface. Customisations will not be impacted by product upgrades. Below is a list of just some of the ways in which the Vena application may be customised/configured to meet your unique business requirements:; ; Drag-and-drop workflow process designer including input steps, review steps, alerts and report access.; ; Customised workflow messages, including autofill with specific data.; ; The ability to require managers to acknowledge receipt/review/approval of reports(s); ; User permissions pertaining to access and security.; ; The database can be fully configured to support tables and fields as required. Templates and reports are authored in a native Excel interface and can be completely customised.; ; Pre-formatted reports that can be leveraged as a starting point. Vena leverages a native Excel interface as the authoring environment, which allows clients to customize their reports as needed.; The ability to create and customise dynamic validation rules based on user inputs.; Data visualisation tools to improve visibility into processes and conditions, as well as discerning trends and projections.

Scaling

• Independence of resources: As a multi-tenant SaaS platform, auto-scaling enables Vena to support unlimited concurrent users without performance degradation.

Analytics

• Service usage metrics: Yes
• Metrics types: Service status shared on public URL
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Vena Solutions

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: Vena encrypts all client data at rest using AES-256 bit encryption. Passwords are also securely stored through one-way hashed (bcrypt) with salt.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Vena is source system agnostic and supports a full spectrum of data integration capabilities to connect and load data from any source systems, including ERPs/GLs, HRISs, CRMs and more. Vena offers multiple methods of data integration to our customers, along with Extract-Transform-Load (ETL) functionality, depending on your source systems, available resources, and preferences: ; 1. Manual integration through the web user interface; 2. Automated/scheduled integration of data via flat file format, extracted from any source system; 3. Automated/scheduled integration via productized API connections (including Netsuite, Sage Intacct, SalesForce, Quickbooks Online, MS Dynamics 365); 4. Automated/scheduled integration via Vena’s open REST API
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats: TDF

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: Other
• Other protection within supplier network: All data in Vena is encrypted in transit using TLS 1.2 and at rest using AES 256-bit encryption, backed by the AWS Key Management System (KMS).

Availability and resilience

• Guaranteed availability: An SLA will be established with each Buyer according to their needs.; ; We will use commercially reasonable efforts to make the Service available with a monthly uptime percentage of at least 99.5%, twenty-four hours per day, seven days per week. ; ; For the avoidance of doubt, the Service is considered unavailable when the system/Service cannot be accessed by the Subscriber between the hours of 9:00 to 19:00 Monday to Friday, due to a service provider problem. In the event that Vena does not meet the Service Commitment, Subscriber will be eligible to receive a Service Credit as described below. ; ; Service Credits are calculated as a percentage of the proportional monthly subscription value of the total subscription fees paid by Subscriber for the Service (which was unavailable) in accordance with the schedule below. The monthly uptime percentage is based on the number of minutes the Service is unavailable outside of planned maintenance windows in a calendar month.; • Service is unavailable between 90-360 minutes-10%; • Service is unavailable for more than 360 minutes-40%
• Approach to resilience: Available on request
• Outage reporting: A public dashboard can be subscribed to – status.vena.io

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access is granted based on an employee's role based on principles of least privilege. Only the access that is required for the employee to perform their duties is granted. Only a limited group of Vena employees on the Infrastructure team have access to infrastructure/systems hosting customer data, for the purposes of troubleshooting systems issues and performing maintenance. All access is audited and controlled through access management controls, such as API logs, two-factor authentication and VPN access to the environment. All backend operations to access any data (including backups) is logged via AWS CloudTrail.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 14/06/2023
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: Not applicable
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: SOC1 and SOC2 Type II Audits

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: SOC1 and SOC2 Type II Audits performed by Deloitte LLP. The examination was conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants.
• Information security policies and processes: We employ a three lines of defence model to govern risk management. This model is widely used in the industry. Each of the three lines plays a distinct role within our control environment. ; ; The first line of defence lies with the business and process owners, like IT, Finance, HR and Vena’s Cloud Operations teams, which are responsible for maintaining effective controls and for executing agreed upon risk and control procedures on a day-to-day basis. ; ; The second line is performed by our Corporate Security department and overseen by a Security Risk & Compliance committee, which supports management to help ensure risk and controls are effectively managed. This line performs risk management and compliance functions to help build and/or monitor the first line-ofdefense controls. ; ; The third line of defense provides assurance to senior management and the board that the first and second lines’ efforts are consistent with expectations. Vena employs independent external auditors for our third line of defense. They are solely responsible for providing an independent opinion on the sufficiency of the internal controls with respect to the requirements specified within accepted industry standards such as SOC.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: The change management process requires that existing security control mechanisms are not negatively impacted prior to approval – adherence to existing controls is reviewed through automated build testing and manual peer core reviews.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Vena Cloud is a fully Infrastructure-as-code production environment deployed across several distributed AWS regions, providing resiliency, reliability, recoverability and security. We routinely rotate in fresh AWS EC2 VMs on a weekly basis to pick up the latest, up-to-the-minute security releases and OS-level patches to ensure continuous compliance with critical OS-level vulnerabilities. All base images are scanned prior to deployment using automated vulnerability scans and any detected known vulnerabilities will halt the release. ; Additionally, Vena regularly performs external penetration tests by an independent third party on an annual basis.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Vena leverages Amazon Guard Duty, which is a continuous security monitoring service that analyses and processes the following data sources: VPC Flow Logs, AWS CloudTrail management event logs, CloudTrail S3 data event logs and DNS logs. Amazon Guard Duty uses threat intelligence feeds, such as lists of malicious IP addresses and domains, and machine learning to identify unexpected and potentially unauthorised and malicious activity within our AWS environment. This can include issues like escalations of privileges, uses of exposed credentials or communication with malicious IP addresses or domains.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Vena’s incident response framework provides the foundational processes for incident detection, management and recovery. The framework also establishes roles and responsibilities during an incident, including escalation procedures, incident classification criteria and response procedures. The foundations of the incident response framework were designed to meet the requirements laid out in ISO-IEC 27001:2013; specifically, the control objectives specified in A.16.1 Management of Information Security Incidents and Improvements.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We will take a proactive, ‘one-team’ approach to minimising negative environmental impacts. This will begin via a structured collaboration programme, providing a channel for sustained engagement. At solution design workshops, we will jointly identify environmental objectives, opportunities for additional environmental benefits, and agree Social Value commitments. This will include creating a Risk Assumption Issue Dependency log, which will capture environmental risks/mitigations.; Reducing negative environmental impact also forms part of our own commitment to achieve Net Zero emissions by 2050, via our Carbon Reduction Plan and ISO 26000-aligned Corporate Sustainability objectives. They comprise measures that we implement across all operations:; • Implementing an Environmental Management System; • Energy conservation: Using low energy lightbulbs; renewable energy sources ; • Waste reduction: Recycling campaign (e.g. cartridges/batteries & via charities); digital resources; double-sided printing; avoiding single-use plastics (MI was recently appointed ‘Plastic Free Champion’ by Sheffield Action).; • Reducing emissions: Virtual meetings; encouraging public transport; Cycle to Work Scheme; Employee Electric Car Purchasing Scheme; Hybrid Working Policy (reducing office footprint by 66%).; • Reducing resource consumption: Procuring recycled products; purchasing locally; ecological cleaning products.; Education & training includes:; • Induction, with training on our Environmental Policy & Management System; • Environmental schemes, e.g. becoming ‘Plastic-free Champions’ ; • Workplace marketing/comms, driving behavioural change (e.g. recycling); • Travel campaign, requiring reporting on commuting and awareness of fuel/vehicle type.; Our Quality & Operations Manager is currently engaging with the Carbon Literacy Project to create a Carbon Literacy training programme, anticipated to be implemented in 2025.

  Tackling economic inequality

  Moore Insight are committed to supporting employees to upskill and climb the wage ladder through providing the best possible working environment and opportunities. Having been in business for almost 30 years, means that we know the importance of actively showing our staff how much they are valued for a productive and efficient team that translates into a high level of service for our clients. Therefore, we proudly maintain our Living Wage accreditation as well as being recognised by Great Place to Work as one of the UK’s Best Workplaces for Women 2023, one of the UK’s Best Workplaces in Consulting and Professional Services, and a Great Place to Work. ; With the help of the Living Wage accreditation, we will continue to recruit some of the most highly skilled consultants and employees for our business throughout any contract. We also commit to continuing to provide purposeful training and personal development courses to upskill our current employees.; Additionally, all staff receive two paid volunteering days per year to contribute to local/charity-based projects, facilitated by our employee volunteering software, Matchable. This enables staff to sign up to projects, segmented by skillset/geography, as well as assigning a monetary value to time/resource contributed for accurate measurement of impact, ensuring we are having a positive impact on the local community/economy.; As part of this contract, we would be offering our knowledge and expertise to local areas. At Moore Insight, each employee has two volunteering days a year to support the wider community. We currently use an online volunteering forum, Matchable, that allows you to focus on the locality of your volunteering as well as to specific skills and passions. The specific projects available allow employees to apply their skillset/experience to make a real impact.

  Equal opportunity

  We recognise Inclusion as a key theme and Moore Insight will commit to maintain the responsibilities set out in our Equality, Diversity and Inclusion policy throughout the duration of this contract. ; Moore Insight greatly values the individual contributions of all employees and recognises the value of diversity throughout the organisation. We have several key commitments within our policy that we will ensure to be maintained as part of any contract: ; • Ensuring terms and conditions of employment do not prevent disabled people from taking up new positions. ; • Train, develop, reward and promote on the basis of merit and ability; • New employees are asked to complete an equal opportunity monitoring form, ensuring we are able to monitor the breakdown of the workforce regarding information such as gender, age, ethnicity, disability etc.

  Wellbeing

  At Moore Insight, health and wellbeing is a key consideration throughout the organisation. Ways in which we establish this are below: ; We offer a Wellbeing Hour every month to every staff member. As part of Mental Health Awareness week in 2022 Moore Insight implemented the chance for employees to have an additional 60-minute break once a month to pursue activities that support their well-being. This is still in place as a standard benefit for all employees and most often includes extended lunch breaks, personal care, or classes relating to a hobby. This ultimately has reduced overall stress throughout the organisation, given staff more time to do something to be mindful, and care for their mental health. We would be happy to provide buyers with more details on this for you to implement within your organisations. ; Throughout any contract we will promote remote/flexible working. We allow up to 2 days a week working from home, not only does this reduce our overall carbon emissions, but also encourages a flexible working environment, enabling staff to fit their personal life around their work life.

Pricing

• Price: £125 to £850 a user a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@moore-insight.com. Tell them what format you need. It will help if you say what assistive technology you use.