Software Limited t/a Co2Analysis.com

eMarketplace - cloudBuy eCommerce and eProcurement Marketplace

Bring buyers and sellers of goods and services together to trade securely via a functionally rich, easy-to-use e-commerce platform. Supports local digital initiatives and economic development.

Features

• PCI DSS Level 1 and ISO 27001 certified
• ERP integration options
• Only allow approved suppliers to register if required
• Search by keyword and postcode
• Secure basket and checkout process
• Checkout of basket with goods from multiple suppliers
• Enabled for special offers and promotions
• Suppliers can upload existing catalogues
• Electronic purchase orders and invoice capabilities
• Comprehensive reporting options

Benefits

• Marketplace owner brings desired buying/selling community together
• Best practice design
• Familiar look and feel
• Easy to use interface
• Facilitates secure, paperless transactions
• Supports global e-commerce in the cloud
• Buyers can save money
• Gives even the smallest suppliers an online presence
• Sellers can reach new customers
• Supplier-maintained product and pricing information

£2,250 an instance a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@software-limited.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

879004256892667

Contact

Software Limited
01183381429
info@software-limited.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: On occasion Co2Analysis.com completes planned maintenance, this typically takes place out of core business hours or over weekends. Customers are informed of any planned maintenance well in advance through posts to our shared user forum which all customers are invited to free of charge.
• System requirements: Internet access

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our Support Team works Monday-Friday from 9am until 5pm UK time. Depending on the severity of the issue, the Support Team aims to respond to all queries within 30 minutes-2 business hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: You will be assigned a Solution Delivery Manager (SDM) who will be your port of call for any queries and support. Support via phone and email is included at no extra cost. It is provided during the office hours of Monday-Friday, 9am-5pm UK time. The severity of any issues reported affects the response time. If an issue has immediate priority, we aim to respond to you within 30 minutes and resolve the issue in two business hours. We have user guides to support your use of the system.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide a mix of onsite and offsite training along with documentation. The key part is customers providing their data and we provide a data specification, and already have transfers configured for a number of major public sector accounting/finance/ERP systems.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Co2Analysis.com provides the data associated with the contract as part of its standard service at no additional charge. The customer can get a custom extract or a data conversion by Co2Analysis.com into a different format for a charge that depends on the transformation required.
• End-of-contract process: Co2Analysis.com provides the data associated with the contract as part of its standard service at no additional charge. The customer can get a custom extract or a data conversion by Co2Analysis.com into a different format for a charge that depends on the transformation required.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Layout is only difference between mobile and desktop. It is optimised for both.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Send data
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Most areas of the service can be customised. Please let us know what your requirements are.

Scaling

• Independence of resources: Co2Analysis provides an SLA to ensure that all customers can measure that the service performs to the level set out by the SLA irrespective of the demands from other customers.; ; Customers have their own reporting packs.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide a set of reports covering usage, transactions, exceptions and required actions.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data is exported as an Excel workbook.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Co2Analysis.com normally provides a 99.9% SLA and has a 100% track record of meeting this SLA. Customers that require a 100% uptime SLA can pay an additional amount based on the level of business loss as a result of down time.
• Approach to resilience: Co2Analysis.com has a N+2 redundancy standard covering firewalls, applications and storage systems spread over multiple datacentres.
• Outage reporting: Co2Analysis.com provides customers with access to the Co2Analysis.com user forum which is used to update and inform customers of incidents, outages, planned maintenance and upgrades. Notifications are sent to customers as part of the user forum workflow.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Private network and 2 factor authentication.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: NQA
• ISO/IEC 27001 accreditation date: 12/06/2018
• What the ISO/IEC 27001 doesn’t cover: Nothing, everything related to customer data is covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: ComSec
• PCI DSS accreditation date: 31/07/2019
• What the PCI DSS doesn’t cover: No current exclusions (sometimes we need to exclude certain customers systems which do not meet the PCI standard, but we aim to have all systems up to standard, e.g. when we had Government customers that continued to use FTP after its use was prohibited by PCI)
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We use ISO 27001 as our security management system, and this has internal and external auditing to ensure that our policies and procedures are followed.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All changes are created in our version control system, they are then assessed and approved prior to being tested and deployed. There is a separation of duties between change creation, change approval, testing and deployment. The same process is followed for code, infrastructure and database changes. This process is audited internally and externally by both ISO 27001 and PCI teams.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Co2Analysis.com's infrastructure is tested annually and after any major system alterations. Testing is performed by PCI and CHECK accredited testers, comprising checks of possible holes in our security. They identify high-risk vulnerabilities, including a combinations of low-risk vulnerabilities applied in sequence or those that are not necessarily picked up during our own scans. We also carry out quarterly internal and external network scans by an accredited PCI scanner, as well as our own internal and external daily scans. Any vulnerabilities are immediately patched.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We have a PCI accredited external monitoring company monitoring our logs for any attacks of compromises along with our SIEM and if we have an incident we respond immediately.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our incident management process covers immediate response to any serious incident along with proactive notification to any affected customers and regular updates to any affected customers. We regularly test incident response and look at how we can continuously improve our processes with pre-defined processes for potential major events. Incidents are not a common event. Users can report incidents through our applications, email or phone. We provide incident reports via our forums, and our ticketing system which we share with customers so that they can see the status of any ticket or incident.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Joint Academic Network (JANET)
  • Health and Social Care Network (HSCN)

Social Value

• Fighting climate change:

  Fighting climate change

  We are a carbon negative organisation and have already offset our projected emissions for the next 5 years. For most public sector organisations their supply chain carbon footprint is 80-90%. Co2Analysis uses Artificial Intelligence to automatically measure this from standard public sector finance information down to individual product and service level. This allows you to reduce your emissions through quick wins and then we work with your suppliers to deliver their own net zero plans and feed these into your plan. We help your suppliers become compliant with both Science based targets and the central government standard PPN06 and its successors.
• Covid-19 recovery:

  Covid-19 recovery

  We are a virtual organisation so there is no requirement to host us for meeting or to visit us.
• Tackling economic inequality:

  Tackling economic inequality

  Supply chain analysis allows you to monitor things like are you suppliers paying a living wage, fair trade, fair tax, modern slavery, health and safety etc. As a company that specialises in supply chain analysis we are committed to tackling economic inequality and a fair supply chain.
• Equal opportunity:

  Equal opportunity

  As a female lead company we are committed to Equal opportunity.
• Wellbeing:

  Wellbeing

  We are committed to the wellbeing of our team.

Pricing

• Price: £2,250 an instance a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@software-limited.com. Tell them what format you need. It will help if you say what assistive technology you use.