Virtualstock Ltd

Virtualstock Marketplace

The Edge delivers scalable, digital technology, combining best-in-class eProcurement functionality, including an "Consumer-style" online marketplace, with integrated procure-to-pay (P2P), incorporating; product information management (PIM), catalogue management, e-invoicing, track and trace and analytics. Built using agile technology, The Edge delivers real-time interoperability and an exceptional user experience. GS1/GDSN/PEPPOL compliant.

Features

• End to end e-invoicing including an Integrated PEPPOL Access Point
• Consumer-style interface with built-in behavioural insight
• Flexible environment permits easy uploading of all supplier catalogues
• Millions of classified and categorised products
• Complete visibility of supplier pricing and alerting of pricing changes
• Comprehensive and easy to use search feature
• Masking to drive contract compliance
• Real-time track and trace visibility across the order lifecycle

Benefits

• Rapid deployment via agile delivery
• GS1 Certified Product Information Management (PIM)
• Enables suppliers to manage multiple price lists
• Dramatically reduces PO/invoice queries
• Enables organisations to achieve substantial cost of goods saving
• Connects with any existing IT infrastructure
• Accredited PEPPOL Access Point for eOrdering and eInvoicing
• Easy to use intuitive interface

£6,000.00 a unit a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gareth.mcfarlane@virtualstock.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

845660959061294

Contact

Gareth McFarlane
07720898752
gareth.mcfarlane@virtualstock.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: The Edge has regular maintenance windows of which customers are notified at least 7 days in advance. ; In these cases downtime is restricted to a 60 minute window which is outside of core working hours.
• System requirements:
  • Internet Access
  • Minimum Hardware requirements can be provided by Virtualstock upon request

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Service Coverage and associated response times are determined by the respective Service Tiers (known as Standard, and Premium) and you can upgrade at anytime from Standard. Full details of the Tiers and response times can be found in our T&Cs document. ; ; As part of any engagement we would discuss and agree the services and support for those services that you require, along with the response times expected. These would feature in our proposal for your consideration.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We would discuss and agree with you the support levels that you were looking to acquire and we would create a service support proposal for your consideration. This would set out the services to be supported, the service levels and the response and resolution times across the hours of support, the help desk arrangements, integration with your service management desk, reporting and communication, account management and the monthly cost of providing the service. Typical response times are as follows: Case Severity/Response Times - General guidance: < 24 hours, System impaired: < 12 hours, Production system impaired: < 4 hours, Production system down: < 1 hour, and Business-critical system down: < 15 minutes.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Virtualstock’s onboarding process for The Edge includes:; -Development of a Statement of Work / Configuration Document Set up / development phase; -Supplier On boarding; - User set up and configuration ; -Go live Support; -Post Go Live (Business as Usual); ; Prior to go live Virtualstock will conduct a train the trainer exercise. This ; may be the Key Client Contact or other named individuals who will be responsible to train client users. ; ; The Edge comes with a complete set of user guides. The user guides are updated on a regular basis in line with the product development releases.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: If a customer decides to stop using any of the Virtualstock services, the appropriate service will be turned off for that customer. Any data held by Virtualstock can then be exported in an appropriate format that can be agreed with the customer. Subsequent to the data export, the client’s; information held by Virtualstock will be securely removed from the service.
• End-of-contract process: At the end of a contract we shall afford any customer 10 Business Days within which you may download or export your Data including any Personal Data from The Edge and move it to another platform. Any further services or prolonged access can be discussed with Virtualstock and a cost provided.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: All functionality for the Edge4Health is available across mobile and desktop services.
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: Yes
• What users can and can't do using the API: Users are able to contact the Virtualstock service desk for any discussions or request for access to The Edge APIs. Our in house technical and engineering teams can provide guidance and support with relevant documentation on the API setup and ongoing management. ; ; There are no restrictions on the number of users who can access the API. The only restriction for any user is to ensure they have the correct permissions via the API.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: The Edge Service is hosted and auto-scaled on IBM Cloud. ; We undertake regular performance and vulnerability tests to ensure the highest levels of access and performance.

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics including, but not limited to, the following can provided upon request on a weekly basis: ; ; Number of users ; Last Login Date ; Number of Catalogues; Number of Supplier Managed Catalogues ; Number of Buyer Managed Catalogues ; Number of Price Files ; Number of Supplier Connections
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: CSV. Excel.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The Edge has an uptime of 99.5% (based on 730 hours a month this equates to a maximum unscheduled down time of 3.5hrs per month). ; ; If the SLA of 99.5% availability of the The Edge is breached in a single calendar month, then Virtualstock shall provide up to a maximum SLA Credit of 1% of the fees for the use of the The Edge during the same calendar month.
• Approach to resilience: Virtualstock’s Edge services are provided by a modern data centre that is a best-in-class, infrastructure-as-a-service provider.; ; More information is available upon request.
• Outage reporting: Any outages will be reported via email alerts. ; These automated alerts are provided 24/7. In the unlikely event of primary service outage steps will be taken to restore service immediately (365/24/7). When service is restored the client will receive a major incident log.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: Restricted to internal staff only, maintained on a regular basis.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DNV.GL
• ISO/IEC 27001 accreditation date: 07/01/2019
• What the ISO/IEC 27001 doesn’t cover: Nothing was out of scope as part of this certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We have a working and effective ISMS that all employees are aware and understand. Adherence to the polices are done via ad hoc auditing, regular reviews, internal audits and external audits.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Fully described in Change Management Procedure; Key components to the company’s Change Management program include:; Accurate Documentation – Identify the information relevant to a specific change that needs to be collected throughout the change management process.; Continuous Oversight – Change Advisory Board (CAB) The CAB is tasked with balancing the need for change with the need to minimize risks.; Formal, Defined Approval Process – All changes will follow the established multiple level approval process to ensure routine changes are completed with minimum restrictions while complex, high impact changes receive the oversight necessary to guarantee success.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Fully described in our Vulnerability and Threat Management Policy. At a high-level, vulnerabilities are identified in various ways; pen-testing, vulnerability scanning, risk assessments, third-parties and BAU work.; New vulnerabilities shall be assigned a priority. The most critical and highest risk vulnerabilities shall be assigned a score of “HIGH”. Vulnerabilities with a CVSS score of 7.0 or above shall be assigned a score of “HIGH”. ; All system components and software shall be protected from known vulnerabilities by having the latest vendor-supplied security patches installed. The vulnerabilities that are scored as “HIGH” will be addressed within one week.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: All user endpoints have endpoint protection in place that covers AV, device management, software installs. These logs are shipped centrally and alerts are triggered.; Log information from the edge are sent to our elasticsearch stack via wazuh in production, and new relic lists logins on all environments. We use WAZUH for SIEM currently.
• Incident management type: Supplier-defined controls
• Incident management approach: Fully described in our incident management policy. At a high-level, once an incident is reported, it is assessed by InfoSec to identify the severity, urgency and potential impact to Virtualstock. Depending on this assessment will determine how the incident is further managed. For example, a Significant Incident (P2) the senior leadership team need to be informed, but a Minor Disruption (P4) only the team manager. Urgency levels range from response between 15 mins (P1) to 1 day (P5) and recovery between 4 hours (P1) and 6 months (P5).

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Tackling economic inequality:

  Tackling economic inequality

  The Virtualstock marketplace enables suppliers, irrespective of their size or location, to be able to upload and manage their product, pricing and order data. This gives suppliers the opportunity to access a market and customer base that may previously been unavailable. ; The Virtualstock marketplace also gives the Public Sector the opportunity to make significant savings through access to a marketplace and enabling greater transparency and efficiency through the supply chain.

Pricing

• Price: £6,000.00 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gareth.mcfarlane@virtualstock.com. Tell them what format you need. It will help if you say what assistive technology you use.