SAP UK Ltd

SAP Commerce Cloud

SAP Commerce Cloud is a complete digital eCommerce and Citizen Engagement solution that can integrate digital and physical customer touchpoints onto a single, robust platform, helping you deliver exceptional,
seamless customer experiences anywhere, anytime.

Features

• Consistent and fully responsive citizen experience across all channels
• Search and navigation
• Personalised Recommendations
• Shopping cart
• Rich Product Content Management
• Bundled services for complex service scenarios
• Simplify Bill Payments
• Transact on someone else’s behalf for family relationships

Benefits

• Full cloud-native solution with extensive customisation & extensability
• Rapid onboarding
• self service environment management
• Comprehensive security
• Best Practice Application Lifecycle Framework
• Infrastructure Monitoring & Management with 24/7 Alerting
• Automated Disaster Recovery and Backup

£270,492 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UKPublicSector@sap.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

876538306666987

Contact

David Dinsdale
+44 870 608 4000
UKPublicSector@sap.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Regular Maintenance (duration: 4 hours), [start time in UTC per region]; • APJ: SAT 3 pm UTC; • Europe: SAT 10 pm UTC; • Americas: SUN 4 am UTC; ; Major Upgrades (up to 4 times per year), [timeframe in UTC per region]; • APJ: SAT 3 pm – SAT 11 pm UTC; • Europe: SAT 10 pm – SUN 6 am UTC; • Americas: SUN 4 am – SUN 12 pm UTC
• System requirements:
  • Browser based client from supported list
  • Publicly accessable code repository

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Different ticket priorities have different response times, but the maximum response time for a Priority 1 ticket is 4 hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Through the serice.sap.com website
• Web chat accessibility testing: Unknown
• Onsite support: Yes, at extra cost
• Support levels: P1 Very High: An incident should be categorized with the priority "very high" if the problem has very serious consequences for normal business processes or IT processes related to core business processes. Urgent work cannot be performed. ; P2 High: An incident should be categorized with the priority "high" if normal business processes are seriously affected. Necessary tasks cannot be performed. This is caused by incorrect or inoperable functions in the SAP service that are required immediately. The incident is to be processed as quickly as possible because a continuing malfunction can seriously disrupt the entire productive business flow. ; P3 Medium: An incident should be categorized with the priority "medium" if normal business processes are affected. The problem is caused by incorrect or inoperable functions in the SAP service. ; P4 Low: An incident should be categorized with the priority "low" if the problem has little or no effect on normal business processes. The problem is caused by incorrect or inoperable functions in the SAP service that are not required daily, or are rarely used.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: There is a wealth of online information, demos and product documentation to help you get started with SAP Commerce Cloud. ; ; https://www.sap.com/products/crm/e-commerce-platforms.html; ; https://help.sap.com/viewer/product/SAP_COMMERCE_CLOUD/SHIP/en-US
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: For systems not directly accessible our support teams will, on request, export all requested data to a defined, secure destination.
• End-of-contract process: SAP work with you to ensure all required data is offloaded at the end of contract. Once this has been confirmed your data would be permanently removed from our system. There are no additional costs at the end of contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Admin interfaces are responsive and fully responsive and native mobile application experiences can be served from the application to end consumers.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The Customer Experience product helps you to manage Web content across channels - including online, mobile, and Internet - using a single, intuitive interface. Create and reuse content across multiple touch points and devices and quickly build and manage Web sites. Personalization helps increase average order value and maximize value by tailoring content to a shopper’s history and behavior. You can segment your customers and create rules to deliver relevant product selections, recommendations, and promotions. You can promote top sellers and niche products based on customer preferences, and evaluate shopper behavior in real time for true one-to-one marketing.
• Accessibility standards: None or don’t know
• Description of accessibility: The SAP Citizen Engagement Accelerator ships with front-end templates that meet WCAG 2.0 AA standards that can easily be upgraded to the latest format; ; SAP Commerce provides a flexible solution that you can easily customize to match specific requirements. SAP Commerce presentation layer can support user experience frontend site designs that are designed for accessibility. SAP Commerce as a part of the SAP ecosystem includes "Product Standard Accessibility", using various process steps to plan, develop, test, and report quality features. The status of each SAP product concerning accessibility is documented and the status documents are available on request.
• Accessibility testing: This is typically done on a project basis.
• API: Yes
• What users can and can't do using the API: All objects within SAP Commerce are automatically exposed (securely) as a RESTful web API. These APIs may then be used to manage the required content. Moreover, a delete action from a source system (for example an ERP) can be propagated to SAP Commerce system, ensuring that the appropriate field is emptied in it and the systems are in synch.; Omni Commerce Connect (OCC) is a next-generation commerce API that offers a broad set of commerce and data services which enable you to use and leverage the complete SAP Commerce Platform functionality anywhere in your existing application landscape. Its main benefits are as follows:; ; it allows SAP Commerce customers to quickly commerce-enable new touch points and channels without lengthy and costly IT cycles,; it makes it easy to reuse commerce processes and data across all touch points, increasing the speed and lowering the costs of providing new transactional interfaces, you can easily integrate with other systems and even provide interfaces to partners and other organizations.; ; Omni Commerce Connect (OCC) is based on RESTful web services. To maximize the list of potential API clients, the OCC supports both XML and JSON representations.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: SAP Commerce Cloud is formed of two primary layers, a Platform As A Service and a code based hosted in it.; The core Platform gives Commerce its main functionality, including:; Business services (cart handling, back order),; System services (model handling, session handling),; Infrastructure services (internationalization, import & export).; ; SAP Commerce Platform is a foundation for all the capabilities delivered with commerce cloud. The platform also includes the infrastructures that enables extensions of the many features and functions. This concept is known as the extensibility. Since the concept is at the heart of commerce Cloud, features and functions delivered are packed into modules. A module is made up of a set of extensions and each extension within a module is encapsulated piece of Commerce Cloud. On one hand modules leverage platform functionalities and on the other they enrich it with specific capabilities.; ; From the technical perspective both the UI and the technical components are delivered as extensions to the Platform. You can either use the extensions as they are or modify and extend them according to your environment.

Scaling

• Independence of resources: SAP is responsible for the application and can scale horizontally and vertically, as appropriate. SAP guarantee's performance within the SLA.

Analytics

• Service usage metrics: Yes
• Metrics types: SAP Commerce Cloud provides comprehensive reporting and automatically generates a monthly report detailing the Customer’s website performance for the previous month. This includes the following:; ; Website availability,; Infrastructure availability,; Bandwidth,; Service fulfillment,; Environment sizing,; Database health management,; Security update,; Application Performance improvements.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: SAP Commerce ships with an integrated text-based ImpEx module, which allows creating, updating, removing and exporting platform items such as customers, products and categories to/from structured data files.; ; SAP Commerce Accelerator also comes with a batch package that enables projects to provide automated importing of data from hot folders, i.e. specified folder locations. The infrastructure enables the import of simple CSV files that are internally translated into SAP Commerce fast, multi-threaded ImpEx scripts that import content directly into your product catalogs.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • XLS
  • Restful Webservices
  • OData Services
  • Custom
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XLS/XLSX/CSV/TXT
  • OData API Uploads (XLS, 3rd Party, IoT etc.)
  • SAP Cloud Platform
  • SAP S/4HANA
  • SAP BW & SAP BW/4HANA
  • SAP & 3rd Party Cloud Applications
  • SAP ERP
  • SQL Database
  • Restful Webservices
  • Custom

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The Service Level Agreement for SAP Cloud Services referenced in the Order Form and the SAP System Availability Warranty in the GTC are superseded by the following, only as expressly noted: “Available” or "Availability" - means that in relation to the production environment of the Hosting Platform, SAP will maintain a System Availability SLA for productive environments of 99.95% during each calendar month, subject to Excluded Downtime (as defined in the SLA) as further described in the SAP Commerce Cloud Services Description available on the SAP website (“Service Description”).
• Approach to resilience: SAP Commerce Cloud hosting platform resides on fully redundant cloud infrastructure operated by Microsoft Azure. Therefore, the availability and continuity of SAP Commerce Cloud does not depend on SAP's own uptime or availability.; ; Moreover, SAP has implemented business continuity management aligned to ISO22301 as part of SAP’s management framework for business continuity and operational resilience, of which corporate continuity, IT service continuity management and Cloud continuity are parts.; ; The governing principles for corporate continuity and IT service continuity management as well as interfaces to Cloud continuity are centrally managed. This continued central governance ensures and documents common principles and requirements providing guidance on implementation of respective procedures. Implementing procedures according to the central governance is done by all units at SAP as necessary and upon existence of critical products and services.
• Outage reporting: All three: a public dashboard,an API and email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: SAP’s comprehensive administrative user access management follows the principles of minimal authorization (the need-to-know principle) and segregation of duties. Administrative access to data processing systems in SAP STE is subject to strict requirements for personnel and is managed by an access management tool for cloud services.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: International Standards Agency
• ISO/IEC 27001 accreditation date: 30/06/2015
• What the ISO/IEC 27001 doesn’t cover: All components are covered.
• ISO 28000:2007 certification: Yes
• Who accredited the ISO 28000:2007: International Standards Organisation
• ISO 28000:2007 accreditation date: 30/06/2015
• What the ISO 28000:2007 doesn’t cover: All components are covered.
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: USD AG
• PCI DSS accreditation date: 12/12/2023
• What the PCI DSS doesn’t cover: SAP Commerce Cloud operates according to the PCI DSS 3.2.1 security standard. ; Credit card related information is not stored, processed, or transferred using SAP Commerce infrastructure. We recommend using a payment service provider (PSP) that is PCI compliant. Even such shopping methods as one-click purchase can be offered using an external PCI compliant PSP. ; SAP Commerce stores a hash code as a fingerprint for users which, upon request, is sent to the PSP where it is augmented with the credit card details necessary to complete the one-click process. Storing the hash code does not present PCI compliance issues as it does not contain enough payment information to pose a risk. ; SAP Commerce Cloud security includes transparent attribute encryption to secure data from external access.
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • BS10012
  • ISO 22301

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: SAP’s security framework focuses on the three cornerstones of secure products, operations, and the company (see the figure). Secure products put the focus on delivering software to our customers that meets the highest levels of security standards with continuous vigilance regarding vulnerabilities and rapid action to remediate issues. Secure operations add another layer to protect data at the level of internal networks, infrastructure, and ecosystem and prevent security lapses within SAP’s internal operations. Secure company facilitates a culture of security at SAP, where employees and associates understand their role in helping secure SAP and its customers for success in the digital economy.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: SaaS Model so all configuration and updates are controlled by SAP.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: SAP’s security-patch management process mitigates threats and vulnerabilities. SAP’s security team rates security patches based on the Common Vulnerability Scoring System standard for operating systems, databases,and virtualization in cloud services. Critical security vulnerabilities that might endanger SAP’s service delivery capabilities. Platform are patched on a priority basis normally on a weekly basis during the weekend.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Securing Cloud services undertakes sophisticated monitoring for malware protection and monitoring. Therefore, SAP has defined and implemented a malware management process with which we consistently and continuously ensure secure service delivery free of viruses, spam, spyware, and other malicious software. It comprises antimalware agent deployment, regular scans, and malware reporting processes.
• Incident management type: Supplier-defined controls
• Incident management approach: Incident management process that is aligned with the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) 27035:2011 information security principles. Security incidents are monitored and tracked by security specialists in cooperation with defined communication channels until resolved. A security breach involves the accidental or unlawful destruction, loss, alteration, or disclosure of customer personal data or confidential data. Or it may refer to a similar incident involving personal data for which a data processor is required under applicable law to provide notice to the data controller.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  SAP is committed to a future sustainable world and acts as both an exemplar and enabler of sustainability. For the 16th consecutive year, SAP was named the Software Industry Leader in the Dow Jones Sustainability Index - https://www.sap.com/sustainability/our-approach.html. SAP is committed to fighting climate change by reducing carbon and other emissions. SAP became Carbon Neutral by 2023 and will be Net Zero by 2030.

  Covid-19 recovery

  On any G-Cloud Contract, SAP will create a Social Value Action plan in collaboration with the buyer. Progress will be reviewed, and the plan will be refreshed annually. To help local communities to manage and recover from the impact of COVID-19, SAP can support buyers in several areas. As part of the Social Value Action plan, SAP will: • To support re-training and other return to work opportunities for those left unemployed by COVID-19, particularly new opportunities in high growth sectors. SAP will offer a range of free on-demand and facilitated training to communities served by the buyer. This will be delivered free using the SAP learning portal at https://learning.sap.com. Currently available courses include topics like Circular Economies, Opportunities from a Digitally Transformed Economy and New Work and Purpose. • SAP offers buyers support in key areas for social value relating to COVID 19 Recovery – new ways of working to deliver services; support for the physical and mental health of people affected by COVID-19 and improved workplace conditions such as remote working and sustainable travel solutions. As part of the Social Value Action plan, we will offer a workshop to explain the support we can offer and add tasks to the plan where appropriate.

  Tackling economic inequality

  There are two themes outlined in the guidance relating to this area of social value - Create new businesses, new jobs and new skills; and increase supply chain resilience and capacity. With respect to skills, as part of the annual Social Value Action plan: • SAP will offer a range of free on-demand and facilitated training to communities served by the buyer. This will be delivered free using the SAP Learning portal at https://learning.sap.com. Currently courses cover a range of in demand skills in the IT industry such as Artificial Intelligence, Analytics and Application Development. For these courses, where relevant, SAP will also provide access to technical platforms at no charge so that students may complete the practical learning components of each course. With respect to increasing supply chain resilience and capacity, as part of the annual Social Value Action plan: • SAP will offer to brief the buyer’s procurement and finance teams on the opportunities relating to the SAP Ariba Procurement offering. This could include on-boarding the buyer’s suppliers to the SAP Business Network, a €3.2TN marketplace for suppliers where they can grow their businesses. SAP Ariba Procurement also offers capabilities around supplier risk management to ensure that the buyer’s supply chain achieves the desired level of resilience. The guided buying capabilities of SAP Ariba Procurement also allow the buyer to make it easy for staff to support and comply with organisational social objectives, for example spending with sustainable enterprises or local small businesses. SAP will also share our learnings from 5 by 5 in ’25, an initiative designed to encourage organizations across industries to direct more of their addressable spend toward certified social-enterprise and diverse-business suppliers. https://news.sap.com/2020/10/sap-launches-55by25-purposeful-procurement/

  Equal opportunity

  SAP is committed to being one of the most diverse and inclusive software companies in the world. We proactively promote diversity, inclusion, and social justice and work to ensure that our workforce reflects the gender parity and demographics of all the regions where we have employees. We make every effort to ensure that all stages of the employee lifecycle are inclusive to enable employee success. As part of the Social Value Action plan, SAP will propose a Social Innovation Workshop to explore areas of equal opportunity and look at how we approach diversity and inclusion to see how a shared approach with the buyer could help the buyer’s staff and communities that the buyer serves. For example, SAP supports the following organisations and initiatives: Stemettes is an award-winning social enterprise working across the UK & Ireland and beyond to inspire and support young women and young non-binary people into Science, Technology, Engineering and Maths careers (known collectively as STEM). Enactus UK – SAP is the Platinum technology partner for Enactus UK, giving access to one of the UK’s largest innovation and entrepreneur networks in the UK. Enactus allows teams of students all over the country to work together to find innovative solutions to social issues within their local and international communities; Apps For Good believes that all young people should be empowered to take action on the things they care about most. They provide free tech innovation courses to schools, giving teachers ready-made education content, so young people from all backgrounds can develop computing and essential skills to create a brighter future through technology. Apps For Good partner with leading brands to keep their course content 100% free of charge to schools, as well as giving students the opportunity to directly benefit from their industry expertise.

  Wellbeing

  As part of the Social Innovation Workshop described in the Equal Opportunity section, SAP will include the theme of ‘Wellbeing’ to review optional initiatives that can be added to the Social Value Action plan. For example: • Innovation – SAP offers clients the ability to run innovation workshops on themes that are important to clients. This is often in collaboration with users and communities who can codesign and create a proof of concept of solutions that would address specific challenges and opportunities. We will also offer free training on innovation topics via our SAP Learning portal - https://learning.sap.com. Current courses include Intrapreneurship – Employee-driven Innovation. • Employee and community pulse – SAP is a leading provider of solutions relating to personal wellbeing. We offer to share our learnings of what works well for different challenges and situations that clients wish to explore. We can share examples of how organisations have supported the physical and mental health of their workforce. A current example would be around working practices and return to work in a post COVID pandemic world. • Self-service and a great user experience are key principles of SAP services. We will share insights learned from working with many public service organisations and the world’s most recognised brands on how digital services can bring people and communities together. These insights may then trigger actions that can be added to the Social Value Action plan.

Pricing

• Price: £270,492 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We are able to, on request, offer 3 month limited trial licenses.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UKPublicSector@sap.com. Tell them what format you need. It will help if you say what assistive technology you use.