Influential Software

Vena – Planning, Budgeting and Forecasting Solution Integrated with Excel

Licences, support and services for Vena's CPM platform which combines deep FP&A planning capabilities, AI-powered reporting and analytics, flexible workflows and robust data governance with the productivity, collaboration, and innovation of your Microsoft applications. Vena is natively integrated with Excel, Microsoft 365 and Open AI technologies to empower Finance teams

Features

• Integrated software for business planning across the whole organisation
• Consolidated reporting in real time
• Workflow automation for key processes
• Full audit trail of user inputs
• Native integration with Excel
• Data source system agnostic with APIs, native connectors and ETL
• Ease of use, purpose-built for Finance without expensive third-party support
• Dashboard reporting with embedded Microsoft Power BI
• Visibility of financial and non-financial performance
• Integrates with ERP solutions

Benefits

• Eliminates the proliferation of spreadsheets
• Reduce time on decision making analysis
• Increase user adoption and utilization with familiar native Excel interface
• Increase visibility over key financial reporting and planning processes
• Ensure data integrity and accurate reporting with real-time data refresh
• Significantly reduce lead times for key processes including monthly closedown
• Automate spreadsheet-based processes with full auditability and transparency
• Automate business-wide processes with Vena’s applicability across multiple use cases
• Secure financial data with advanced security features and role-based permissions
• Deep FP&A planning capabilities

£13,200 an instance a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andy.richardson@influentialsoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

886891434327074

Contact

Andy Richardson
02078621122‬
andy.richardson@influentialsoftware.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: Private cloud option is at an additional cost
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Maximum first response of 1 business day
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Using Intercom's web chat software, visitors to our websites can speak directly to the support team
• Web chat accessibility testing: None
• Onsite support: Yes, at extra cost
• Support levels: Standard Support Plan; Every customer has access to our Standard Support Plan for online and telephone support, including:; • 24/7 application monitoring; • Help desk phone and email support 24/5 Monday-Friday; • Unlimited case submissions; • Up to 3 Power Users to contact Vena support; • Maximum first response time of 1 business day; • Access to the Vena Customer Portal, online videos, FAQs, user guides, and a community help forum in our knowledge base; • A dedicated Customer Success Manager to help recommend products, services and processes to help you get the most out of Vena; ; Extended Support Plan; For after-hours support and accelerated response times, our ; Extended Support Plan combines all the services of our Standard Support Plan with:; • 24/5 Help Desk with on-call telephone support; • Maximum first response time of 2 hours for Severity A issues; Up to 20 Manager or Administrator users to contact Vena support.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Training is provided as well as a range of consulting services to assist with implementation and data import etc.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Online learning portal with Video Tutorials
• End-of-contract data extraction: Customers can easily access their data by doing a mass or queried export within the Vena application. Vena supports .csv format for data export.
• End-of-contract process: Contracts are normally renewed on the contract anniversary. If a customer wishes to terminate the contract, all customer data is permanently deleted

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Same functionality. Note that Vena does not have a separate mobile application. Rather, Vena users can easily log onto the application via any mobile device through their mobile browser.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: The Vena API is a REST API that allows users to; • Retrieve template information; • Upload files to steps; • Create jobs; • Edit jobs; • Run jobs; • Export Data
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Vena provides a fully configurable set of tools that does not require code customization. This includes data modelling, workflow management and template/report design, which leverages all the capabilities of a native Excel interface. Customizations will not be impacted by product upgrades. Below is a list of just some of the ways in which the Vena application may be customized/configured to meet your unique business requirements:; A sophisticated process designer that allows users to drag-and-drop their workflow process, including input steps, review steps, alerts and report access.; The ability for workflow messages to be customized, including autofill with specific data.; The ability to require managers to acknowledge receipt/review/approval of reports(s); User permissions pertaining to access and security are controlled by the administrator and can be customized as needed.; The database can be fully configured to support tables and fields as required. Templates and reports are authored in a native Excel interface and can be completely customized by the client.; Pre-formatted reports that can be leveraged as a starting point. Vena leverages a native Excel interface as the authoring environment, which allows clients to customize their reports as needed.; The ability to create and customize dynamic validation rules based on user inputs.

Scaling

• Independence of resources: This is a question for the ultimate supplier of the software - Vena

Analytics

• Service usage metrics: Yes
• Metrics types: Service status shared on public URL
• Reporting types: Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Vena Solutions

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: Vena encrypts all client data at rest using AES-256 bit encryption. Passwords are also securely stored through one-way hashed (bcrypt) with salt.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Vena is source system agnostic and supports a full spectrum of data integration capabilities to connect and load data from any source systems, including ERPs/GLs, HRISs, CRMs and more. Vena offers multiple methods of data integration to our customers, along with Extract-Transform-Load (ETL) functionality, depending on your source systems, available resources, and preferences: ; 1. Manual integration through the web user interface; 2. Automated/scheduled integration of data via flat file format, extracted from any source system; 3. Automated/scheduled integration via productized API connections (including Netsuite, Sage Intacct, SalesForce, Quickbooks Online, MS Dynamics 365); 4. Automated/scheduled integration via Vena’s open REST API
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats: TDF

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: All data in Vena is encrypted in transit using TLS 1.2 and at rest using AES 256-bit encryption, backed by the AWS Key Management System (KMS).

Availability and resilience

• Guaranteed availability: Vena will use commercially reasonable efforts to make the Service available with a monthly uptime percentage of at least 99.5%, twenty-four (24) hours per day, seven (7) days per week, in each case during any monthly cycle (the “Service Commitment”). Monthly uptime percentage is based on the number of minutes the system is unavailable outside of planned maintenance windows in a calendar month and between the hours of 9:00 AM to 8:00 PM Eastern Time, Monday through Friday, with holidays excepted. For the avoidance of doubt, the Service is considered unavailable when the system/Service cannot be accessed by the Subscriber between the hours of 9:00 AM to 7:00 PM, Eastern Time, Monday through Friday, due to a service provider problem. In the event that Vena does not meet the Service Commitment, Subscriber will be eligible to receive a Service Credit as described below. ; ; Service Credits are calculated as a percentage of the proportional monthly subscription value of the total subscription fees paid by Subscriber for the Service (which was unavailable) in accordance with the schedule below. The monthly uptime percentage is based on the number of minutes the Service is unavailable outside of planned maintenance windows in a calendar month
• Approach to resilience: This is a question for the ultimate supplier of the software - Vena
• Outage reporting: A public dashboard can be subscribed to – status.vena.io

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access is granted based on an employee's role based on principles of least privilege. Only the access that is required for the employee to perform their duties is granted. Only a limited group of Vena employees on the Infrastructure team have access to infrastructure/systems hosting customer data, for the purposes of troubleshooting systems issues and performing maintenance. All access is audited and controlled through access management controls, such as API logs, two-factor authentication and VPN access to the environment. All backend operations to access any data (including backups) is logged via AWS CloudTrail.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 14/06/2023
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: None
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: SOC 1 & SOC 2 Type II audits

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Vena has successfully completed SOC 1 & SOC 2 Type II audits which were performed by Deloitte LLP. The examination was conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants (AICPA).
• Information security policies and processes: Vena employs a three lines of defense model to govern risk management. This model is widely used in the industry. Each of the three lines plays a distinct role within Vena’s control environment. ; ; The first line of defense lies with the business and process owners, like IT, Finance, HR and Vena’s Cloud Operations teams, which are responsible for maintaining effective controls and for executing agreed upon risk and control procedures on a day-to-day basis. ; ; The second line is performed by our Corporate Security department and overseen by a Security Risk & Compliance committee, which supports management to help ensure risk and controls are effectively managed. This line performs risk management and compliance functions to help build and/or monitor the first line-ofdefense controls. ; ; The third line of defense provides assurance to senior management and the board that the first and second lines’ efforts are consistent with expectations. Vena employs independent external auditors for our third line of defense. They are solely responsible for providing an independent opinion on the sufficiency of the internal controls with respect to the requirements specified within accepted industry standards such as SOC.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: The change management process requires that existing security control mechanisms are not negatively impacted prior to approval – adherence to existing controls is reviewed through automated build testing and manual peer core reviews.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Vena Cloud is a fully Infrastructure-as-code production environment deployed across several distributed AWS regions, providing us resiliency, reliability, recoverability and security. We routinely rotate in fresh AWS EC2 VMs on a weekly basis to pick up the latest, up-to-the-minute security releases and OS-level patches to ensure continuous compliance with critical OS-level vulnerabilities. All base images are scanned prior to deployment using automated vulnerability scans and any detected known vulnerabilities will halt the release. ; Additionally, Vena regularly performs external penetration tests by an independent third party on an annual basis.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Vena leverages Amazon Guard Duty, which is a continuous security monitoring service that analyzes and processes the following data sources: VPC Flow Logs, AWS CloudTrail management event logs, CloudTrail S3 data event logs and DNS logs. Amazon Guard Duty uses threat intelligence feeds, such as lists of malicious IP addresses and domains, and machine learning to identify unexpected and potentially unauthorized and malicious activity within our AWS environment. This can include issues like escalations of privileges, uses of exposed credentials or communication with malicious IP addresses or domains.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Vena’s incident response framework provides the foundational processes for incident detection, management and recovery. The framework also establishes roles and responsibilities during an incident, including escalation procedures, incident classification criteria and response procedures. The foundations of the incident response framework were designed to meet the requirements laid out in ISO-IEC 27001:2013; specifically, the control objectives specified in A.16.1 Management of Information Security Incidents and Improvements.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Tackling economic inequality

  Tackling economic inequality

  By providing all of our software at the very lowest price to the public sector, we are ensuring that savings are available vs. list price that can be redistributed elsewhere into areas that help to tackle economic inequality

Pricing

• Price: £13,200 an instance a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andy.richardson@influentialsoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.