PROACTIS LIMITED

Supplier Management

The Proactis Supplier Management module makes it easy to create and maintain a structured, centralised supplier directory that facilitates the management of the supplier lifecycle. The whole process, from supplier identification and selection, qualification and approval, through to onboarding and ongoing performance management, is controlled in collaboration with the Supplier.

Features

• Centrally manage supplier data and access thousands of potential suppliers.
• Reduce your administration overheads using supplier self-service.
• Assess and manage new supplier proposals and contracts.
• Automatic notifications when suppliers change or update their information.
• Define robust management frameworks for effective category and risk management.
• Share documentation and periodically request information from suppliers online.
• Benchmark suppliers using category or risk specific Key Performance Indicators.
• Control supplier qualification and on-boarding with due-diligence checks and workflows.
• Standardise, manage, and record all correspondence with suppliers and stakeholders.
• Define tasks and set reminders for important events and activities.

Benefits

• Increased trust and reliability in the downstream Procurement processes.
• Increased organisation-wide visibility and transparency of all supplier information.
• Reduced effort and resource required to maintain supplier information.
• Increased visibility and transparency of contract related activity.
• Enhanced communication channels with automated alert capabilities.
• Integration with existing line-of-business systems.
• Greater financial rigour and control.
• Audit trail transparency.
• Improved process efficiency and less wasted time.
• Reduced risk associated with your supplier base.

£13,070 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at simon.stackhouse@proactis.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

902739728163944

Contact

Simon Stackhouse
01937545979
simon.stackhouse@proactis.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Proactis Sourcing, Proactis Contract Management, Proactis Purchase to Pay (P2P), Proactis Marketplace, Proactis Accounts Payable Automation.
• Cloud deployment model: Private cloud
• Service constraints: None.
• System requirements: All solutions are browser based, using latest versions of browsers.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: For system related incident reporting/resolution, users raise a technical support ticket via the Proactis Support System at https://proactisservicedesk.com or email servicesdesk@proactisservicedesk.com at any time. The Support System is available 24/7/365, though tickets are only actioned during Helpdesk support hours (9:00am-5:30pm Monday to Friday (EU/UK/EST time) excluding Bank Holidays).; ; Tickets raised are managed in accordance with ticket priority levels/severity, linked to SLA's for response and resolution times as contained within the Proactis standard contract. The system is automatically monitored around the clock and issues escalated to relevant teams/individuals for investigation and remediation.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Access to support and maintenance services is provided as part of the annual subscription fees. ; ; For all system related incident reporting and resolution, using secure, unique login details, users simply need to raise a technical support ticket in the first instance using the online Proactis Support System at https://proactisservicedesk.com. ; ; An Issue Resolution process with associated SLAs would then be followed. All service desk personnel are technical engineers equipped to deal with technical issues.; ; The Customer Support Helpdesk is available to provide support on system issues, i.e., errors seen in the system and/or if core functionality is not working as intended. They will also be the first point of contact if you wish to raise a change/enhancement to the solution. ; ; The Helpdesk operates from 9:00am until 5:30pm Monday to Friday (EU/UK/EST time) excluding Bank Holidays.; ; An Account Manager becomes the first point of contact for all commercial, contract and day to day matters that are typically ‘non-support’ orientated once the solution is live.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Proactis provides onsite training and/or online training (via Teams). Proactis approaches training based on a ‘Train the Trainer’ methodology, the benefit of which is ensuring a thorough understanding of the solution resides within the Customer's organisation. ; ; Proactis will provide training on the use of the system to the intended ‘Trainer’s’ of the end users, i.e., the System Administrator. Training is delivered on a standard training environment, and additionally, before entering UAT, the project team steps through the configuration with the Consultant on their environment. The aim is to ensure System Administrators have the skillset and tools to make the best use of the functionality, so they can then be self-sufficient in disseminating the training information to the end users. ; ; Proactis also adopts a knowledge transfer approach, ensuring the project team users are hands on with the application throughout the project by being involved in the configuration, build and testing, thereby ensuring self-sufficiency post project.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Word
• End-of-contract data extraction: Proactis provides an off-boarding process to provision complete copies of the Customer's data, normally in SQL backup format but other formats can be agreed.
• End-of-contract process: Within 14 days of termination Proactis will provide the Customer, in encrypted format, a full copy of their data in SQL format (other formats are available at additional costs). This is performed once, FOC, as part of standard off-boarding processes.; ; Any additional works required, e.g. extract of documents from data, querying or additional extracts of specific data are additionally charged based on requirements. ; ; Once data has been successfully transferred, Proactis will either destroy any data still in its possession, or anonymise if system integrity is affected by deletion.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The Service Interface allows users (Administrators, Buyers and Suppliers) to access the application via a GUI. Administrators can configure, manage and monitor all aspects of the system relating to their organisation. Buyers can manage and engage with their supplier base, initiate and participate in Tendering exercises and create and manage contracts with suppliers. Suppliers can manage their profiles, respond to buyer engagement requests and submit tenders.
• Accessibility standards: None or don’t know
• Description of accessibility: Proactis supports the requirement to make service functionality equally accessible for everyone. Proactis Research and Development (R&D) has invested significantly in developing solutions to materially comply with the WCAG 2.0 guidelines, and continues its approach in respective functional areas to further develop functionality to comply with components of WCAG 2.1. You can find the Proactis Accessibility Statements on our website at https://www.proactis.com/uk/policies/product-accessibility/
• Accessibility testing: Proactis has tested using these technologies ourselves, without involving third parties.
• API: Yes
• What users can and can't do using the API: Proactis solutions make use of various API's for different operational purposes, including information and data management as well as integration into third-party line of business systems.; ; Across the solution set, SOAP and RESTful APIs are used and fully documented. Proactis will make use of these APIs as part of any implementation, although customers will be able to consume them themselves for use in additional integrations etc.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Whilst Proactis solutions are customisable, in general, the preferred mechanism to meeting an organisation’s solution requirements would be to address these through configuration in the first instance, and only look to customise beyond the out of the box functionality where this would be the only way to deliver an optimal solution.; ; The level of configuration available in the Proactis platform ensures that Customers can build both their current 'as-is' processes, as well as their future 'to-be' processes. This can be done by the Customer themselves, Proactis Consultants or any other suitable third-party.

Scaling

• Independence of resources: Proactis uses virtualisation and storage area network (SAN) technologies to deliver the solution to clients. The environment is constantly monitored to ensure that there are no capacity issues. This includes monitoring of both the physical host and virtual machines to ensure CPU, network, memory and disk utilisation are not exceeding usage thresholds. The infrastructure design allows us to quickly and easily add more capacity when required with little or no impact on service availability.

Analytics

• Service usage metrics: Yes
• Metrics types: These are configurable to the customer; commonly delivered Scheduled Reports.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Access to the hosted environment is only by approved Proactis personnel commensurate to their requirement in order to provision the service. All data is encrypted at rest within ISO27001 certified data centres. This is implemented via hardware assisted heads on the storage arrays and is applied to all datastores. All data is held on a secure back end network and securables (e.g. passwords etc) are 1 way salt encrypted. The data encryption Algorithm used is AES-256-XTS.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: All Proactis solutions come with Advanced reporting tools allowing the customer to extract the data they require in the format they require it in.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • Word
  • Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Excel
  • Text
  • XML

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Availability of the Hosted Services, excluding scheduled downtime, shall be 99.5% at all times. Service Credits are payable on any failure of service that does not meet expect SLA’s. Please see Maintenance and Support Services Terms attached.
• Approach to resilience: Proactis systems are built around a principal of no single points of failure. Additionally, warm DR systems operate in a separate data-centre, meaning live systems can be brought back with a 6hour RTO and 30minute RPO.
• Outage reporting: Proactis will notify any Customers affected should an outage occur by contacting the Customer's nominated representatives.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Support channels can only be used by recognised and registered personnel. Management interfaces, and access to them, are fully controlled by the customer who can assign roles and responsibilities as required.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus Isoquar
• ISO/IEC 27001 accreditation date: Last Audited September 2022
• What the ISO/IEC 27001 doesn’t cover: Nil
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: ISAE 3402 Type 1

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISAE 3402 Type 1; Cyber Essentials and Cyber Essentials Plus
• Information security policies and processes: Proactis is certificated to ISO 27001 and has a comprehensive suite of IS policies which are reviewed and updated each year internally by the appropriate teams. External audits of the system and processes are undertaken by Alcumus Isoqar, a UKAS accredited auditor on an annual basis. Security governance forms part of our certification. All new starters are required to read and confirm adherence to all policies and procedures, and at least annually all staff members must sign to state they have read and understood the IS policies and any updates during the period. Any failure is reported at Board level. As part of the externally-audited standards, Proactis has a dedicated, independent, Compliance Team, one of whom is also the Proactis Data Protection Officer. The team reports directly to the Chief Financial Officer. The Compliance Team is also supported by key personnel within the ITAS function (IT Availability Services).

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All source code is tracked through life using industry standard source control, which logs all changes made and impacts. Additionally, all changes made to our hosted environments follow a full electronic change control process. Both are audited as part of our ISO27001 accreditations.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Risk assessments are carried out at least annually by ITAS and Compliance. The infrastructure undergoes separate penetration tests conducted by an independent third party, with any outputs being assigned to a remediation plan.; ; We use a variety of sources to recognise potential threats. Internal and external vulnerability scans of our environments for known threats are undertaken using industry-leading software, with reports compiled and reviewed on a monthly basis. Additionally, any code fix issues can be patched and deployed within 24 hours depending on the severity of the issue.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Through our ISO/ISAE requirements, we have specific processes and procedures in place to actively monitor and react to any potential compromises, as does our Service Provider. This process includes Board Level notification of any such suspected breaches. If such a compromise is discovered then an immediate impact assessment is performed and necessary actions taken based on this review. Normally we would inform any customers affected as soon as is practical, except for where criminal investigations must take place, in which case notifications would be done as soon as authorised by relevant authorities.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: The Proactis documented Incident Management process is audited through our ISO/ISAE accreditations. There is scope designed within the process to allow for RCAs, forensic analysis and so forth, based on the type and severity of incident.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  In accordance with the current formulation of the Proactis Environmental, Social and Governance processes, Proactis has outlined a commitment to comply with relevant legislation and to continually act to minimise the environmental impact of our business. Specific environmental objectives include to adopt responsible fuel and energy management practices to reduce energy consumption, and to take measures to reduce waste at source and recycle where possible. We aim to pursue best practise green procurement, assessing sustainability, Corporate Social Responsibility (CSR) and, wherever possible and in accordance with our procurement criteria, adopt an increasingly localised supply chain. Proactis has been awarded Bronze certification by EcoVadis and is committed to continuing efforts to improve this rating further.; ; Proactis has made a commitment to be Net Zero by 2030 and is in the process of documenting a formal ESG (Environmental, Social and Governance) strategy across the business, which will include formal targets and metrics across all 3 areas. This is championed by the Chief Financial Officer (CFO), who is the Board representative for Compliance and Governance.; ; A Proactis Electric Vehicles Scheme is in place in the UK, with a number of employees already taking advantage of the initiative. Offering such a scheme highlights our dedication to our core values in support of Our Planet approach - to make decisions and policies that protect our planet.

  Covid-19 recovery

  As Covid-19 brought rise to the need to work from home, organisations recognised the need to adapt previously manual processes so people could work remotely. This need sparked a more urgent drive for digital transformation.; ; The whole ethos of Proactis solutions is to automate Source to Pay processes, moving away from admin-heavy, manually intensive processes, while reducing the risk of human error. By making information transparent and easily and securely accessible online, stakeholders can access and collaborate on projects without needing to be in the office.; ; This became more important during the pandemic and Proactis Customers in Public, Private and Not for Profit sector organisations were able to reap the benefits of the systems they had in place, as referenced by a Proactis Customer in the Education sector:; ; “Overall, the obvious, and most relevant benefit in the midst of the COVID-19 situation is that we can access everything, in the same place, from anywhere. The Proactis solutions have been hugely helpful. We moved off site very quickly, but we were able to do this with confidence that none of our processes would suffer as a result. Supplier and Contract Management, eProcurement and now all invoicing processes are digital.“; ; Other Proactis customers also adopted additional modules that would support their digital transformation journey, which in turn helped to strengthen their business operations and increase agility during challenging times. This included adopting Proactis Supplier Management which, along with Contract Management and Sourcing modules, has helped to provide greater visibility and understanding of the supply chain to assist buyers in strengthening relationships with suppliers, reducing risk and enhancing overall compliance.; ; Within Proactis, processes have been put in place to support Covid-19 recovery including effective social distancing, remote working, safe return to office working, sustainable travel solutions and greater consideration given to local suppliers.

  Tackling economic inequality

  Supply chain compliance is assured as Proactis expects our suppliers to comply with the applicable legislation and regulations we are governed by, including human rights, modern slavery, environment and privacy. Proactis is committed to being an open and transparent organisation and seeks partners and suppliers who share this commitment.; ; The Proactis solutions, inclusive of Supplier Management and the Proactis Tenders Direct portal, naturally encourage greater engagement and collaboration with suppliers to deliver improved control, accountability, and measurability of the relationships with the buying organisation. ; Proactis provides assurance to both Customers and Suppliers that it adheres to all necessary standards appropriate to the undertaking of its activities. Certifications held by Proactis include Cyber Essentials Plus, ISO 27001 Information Security Management and ISO 9001 Quality Management.; ; Proactis aims to support a sustainable eco-system within the communities in which it operates. Many employees live locally and Proactis supports a sustainable travel policy for all employees. Support for the local economy is encouraged with sourcing from local suppliers a key consideration in procurement activity where appropriate.; ; In the UK the company supports and actively encourages employee participation in supporting local and national charities including Wetherby & District Foodbank, The Archie Foundation and Save the Children, through activities such as Dragon Boat Challenge, Christmas Jumper Day, Bake Off challenges. In addition, staff are encouraged to give back to the local community, and all are allocated an additional day of leave that is committed as a dedicated volunteering day.

  Equal opportunity

  Proactis promotes a working environment in which diversity is recognised, valued and encouraged. We acknowledge the multi-cultural and diverse nature of the UK workforce and society in general, and are committed to principles of fairness and mutual respect where everyone accepts the concept of individual responsibility.; ; Proactis recognises that discrimination in the workplace in any form is unacceptable and, in most cases, unlawful. Company policy seeks to ensure that all job applicants, contractors and employees are treated fairly and without favour or prejudice. We are committed to applying this throughout all areas of employment. This includes recruitment and selection, training and development, benefits, rewards and promotion, dealing with grievances and disciplinary issues.; ; The Proactis Equal Opportunities and Diversity policy complies with current legislation. We review it regularly and update it if the law changes. However, we recognise that equality of opportunity is best achieved by day to day commitment throughout the organisation. We offer support and training where necessary to achieve and maintain this.; ; As a software company, Proactis does not have an extensive range of local or international suppliers where modern slavery or human trafficking would generally be a material risk. Regardless, Proactis is committed to acting ethically and with integrity in all our business relationships. Proactis has implemented improvements to internal systems and controls and how we engage with our supplier base to ensure that they will be compliant with the Act, to ensure slavery and human trafficking does not take place anywhere in our business or supply chains.

  Wellbeing

  Proactis recognises that by providing a safe, stimulating working environment and encouraging staff to achieve their maximum potential, this will reflect in the culture of our organisation, the solutions we deliver and the relationships we have with customers. Listening to and obtaining regular feedback from staff is as important as listening to our customers.; ; Backed by a commitment from the Executive team to continually improve, Proactis undertakes annual employee engagement surveys. Following positive action taken, results show year on year improvements in engagement and positivity, with a >30 Net Promoter Score achieved earlier than the original target.; ; Ensuring and maintaining the Mental Health of our employees is high on our agenda. In support of this a number of staff have completed a Mental Health First Aider course, so that they are able to identify others in need and offer support in relation to where they can get help. The MHFA team also undertakes projects to actively encourage all our people to be aware of the importance of their mental health by presenting lunch & learn sessions, communicating team activities via the ‘OneVoice’ employee newsletter, and providing monthly updates from MHFA England and MHFA Scotland.; ; Internal communication channels have been established to encourage staff development and knowledge sharing. These include regular line manager catch-ups and Team meetings, lunch & learn sessions and companywide training sessions. In turn, these encourage sharing ideas that feed into the development of solutions for customers.; ; Flexible and home working is supported, standardised performance appraisals are undertaken and include a values-based review with a reward and recognition programme in place. In addition, staff are encouraged to give back to the local community, and all are allocated an additional day of leave that is committed as a dedicated volunteering day.

Pricing

• Price: £13,070 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at simon.stackhouse@proactis.com. Tell them what format you need. It will help if you say what assistive technology you use.