MRI Software Limited

MRI Advanced Financials

MRI Advanced Financials is a cloud-based solution delivered in conjunction with our partner Advanced. It provides highly scalable, robust financial management functionality in a simplified, fully integrated platform. Businesses have instant access to financial data at the heart of their system, which helps to drive business strategy and decision-making.

Features

• Fully integrated suite of Financial Management modules
• Templated approach to deliver a faster implementation
• Support for multi-company, multi-entity & multi-currency
• Powerful enquiry and reporting options including Dashboards
• Device independence providing access via a range of client devices
• Controls so users get access to the right information
• Single sign-on to access all authorised modules/components

Benefits

• Reduction of internal IT Costs
• Updates included and completed automatically in the system
• Solution that can grow with your evolving needs
• Clearly defined security model to ensure appropriate access by role
• Fully managed solution delivered in the Cloud, available 24/7
• Adoption of streamlined good business practices/processes

£43,280 an instance a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@mrisoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

916649560649505

Contact

Claire Brown
020 3861 7100
tenders@mrisoftware.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: The solution only requires an internet connection and a device that supports the latest browsers. Any planned maintenance will be completed (where possible) outside of core office hours and customers will be notified in advance.
• System requirements:
  • Latest internet browsers
  • Internet connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: MRI’s Global Client Support group will make every reasonable effort to ensure that submitted cases are assigned the proper level of Severity. Submitted cases will be responded to in the order in which they are received, with consideration given for higher Severity levels. Response Time is the time it takes before a Global Client Support agent makes initial contact with the individual who submitted case. Bundled Service (Normal Priority 6 Hours, Serious Priority 3 hours, Critical Priority Live Call Only) Concierge Standard (Normal Priority 4 Hours, Serious Priority 2 hours, Critical Priority Live Call Only)
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We include support within our annual fee. Support includes a named Account Manager and a Client Support Helpdesk. The Helpdesk also serves as the contact for all cloud support requests for trained users. Cases and incidents can be recorded and viewed in the client portal 24/7. The portal provides clients with information on support cases, regardless of whether a call is logged via phone or via the portal.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Onboarding (training) is available and follows a train the trainer approach. Our training includes an overview of relevant legislation, walk through the system modules and a 'hands on' session supported by step-by-step user guides. Sessions are delivered in a supportive environment designed to facilitate learning. All applicable documentation will be provided in a pre-agreed format.; ; User are assisted to start using the service via a delivery mechanism that features the implementation as a series of design configuration workshops supported by a strong cadence of system familiarisation (testing). When implementing Financials, we work closely with the clients subject matter experts to identify requirements and outcomes, following by rapid configuration and continuous finessing of the configured solution.; Professional Services are provided to support the implementation utilising our standard methodology. ; ; We support users, using a number of change management assets, including: ; ; 1. Virtual or face-to-face training ; 2. eLearning; 3. Quick reference guides; 4. Knowledge base; 5. Help Docs; 6. Online Help; 7. Webinars
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: We provide a backup of data. However, If clients want the data in a more easily accessible format, they can extract it themselves or purchase Services from us to do that. We enter into a formal decommissioning plan at end of the contract. Data will be retained in the backup for up to 12 months after termination unless otherwise requested. ; ; If there are specific arrangements which clients required for offboarding in addition to our standard service we will be happy to discuss this further.
• End-of-contract process: We have an established exit management process in place to retire clients. The aim would be to work closely with the client to enable a smooth and secure transition during exit so the process covers both transactional wind-down and data migration. Note that following termination, the client would as standard have no further access to the solution, or their historical data. Prior to that point, the client will be able to save details of their transactions/data from the system in accordance with the offboarding provisions.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The application user interfaces are designed with untrained users in mind and provide a consistent approach to usability for all. We observe all usability standards and design for ease of use.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: Create, Read, Update, Delete functions are available.
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: As part of the onboarding process customers will work with their dedicated implementation manager to adapt the solution their business. Advanced Financials is a flexible solution that can be customised in different ways ranging from the modules that are licensed, or made available to business units or users, integration methods, the workflows that are configured, the branding of the screens etc. Control exists at three levels - end users would be able to select some personal preferences, considerable control would be divested to specific administrator users within customer accounts, and some by MRI's implementation and support teams. All customisation by customers would be managed through their user interface.

Scaling

• Independence of resources: The server infrastrucure is based on a virtualised infrastructure which is monitored 24x7. Services are automatically migrated across the virtual infrastructure to automatically load balance the entire infrastructure. This ensures that no one service is unduely impacted by load placed on the infrastructure by other users. If another service is using a large amount of resources, other services are automatically migrated to other servers in the virtual infrastructure that are being utilised to a lesser extent.

Analytics

• Service usage metrics: Yes
• Metrics types: System access reports are available from within the system. Infrastructure is monitored in real time with proactive monitoring ahead of agreed thresholds being breached, whereby incident management action is triggered.
• Reporting types: Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Advanced

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: There are options to export through: a) provided export processes b) using the QED utility c) The provided Reports (most also available in CSV), d) list box download function e) Reporting services f) Third party tools
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML with support for specific formats listed below
  • JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Via an Import Toolkit
  • XML
  • Spreadsheet upload functions from Excel

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: All data through the application is delivered over a secure connection (as a web site - password protected, API through token authentication - OAUTH2). No data stores are publicly accessable and are protected by multiple security layers.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: No data is moved into the corporate network and only resides in the private cloud. All access to the cloud environment is restricted to security checked personal. Multi factor authentication is used to secure access. Access to the cloud servers is only via the corporate network. If not directly on the corporate network an IPSEC MFA connection is required to the corporate network to gain access.

Availability and resilience

• Guaranteed availability: 99.5% (Based on Monday to Friday - 8 - 6pm, excluding public holidays)
• Approach to resilience: Advanced Financials utilises a highly resilient configuration which allows the environment to be robust without single points of failure. This approach is consistent across all application tiers and ensures that a single server or a whole data-centre becoming unavailable will have minimal impact on service availability i.e if one server fails, the traffic will be automatically routed a different server in a separate region which will minimise downtime to Advanced Financials.
• Outage reporting: The Advanced Event Management service will monitor the environment and provide: Proactive monitoring and alerting of thresholds and events, Root Cause Analysis of identified problems, Reporting and trend analysis System and application-specific knowledge and tasks. When thresholds are breached within the PaaS environment, staff nominated to receive alerts will be informed via email or SMS. Advanced will respond to alerts and remediate any issues within the supported environment.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: Keycloak is utilised as the basis of identity manager so configurable options are available. For example: 2FA, X.509 client certificate user authentication, identity federation, user name & password, LDAP etc.
• Access restrictions in management interfaces and support channels: Through keycloak based role access.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: Keycloak is used as the basis of identity manager so configurable options are available. For example: 2FA, X.509 client certificate user authentication, identity federation, user name & password, LDAP etc.

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Bureau Veritas
• ISO/IEC 27001 accreditation date: 13/03/2019
• What the ISO/IEC 27001 doesn’t cover: All activity on G-Cloud is covered by ISO 27001
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: All MRI staff are issued with our security policy when they join and confirm that they understand and will adhere to this. Our security policy is supported by processes and procedures such as our data breach reporting, new starters and leavers procedures. Our software development process incorporate privacy by design with security at the heart of everything that we do. All staff are trained on our security processes when they join and have regular refresher training. Our policies and processes are regularly reviewed by our operations managers and the outputs of these reviews are, in turn, reviewed with senior management. The focus of these reviews are the performance and ongoing applicability of our security quality management system. Our partner Advanced is certified to ISO 27001:2103 and their Information Security Management System implements all mandatory controls and address all 114 Anex A controls of this international standard for information security.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: The configuration and change management process ensures operational systems, services and application software are subject to change control. All staff are responsible for submitting completed change requests to the change authorisation board (CAB) using the change request form. Change requests forms, before submission to the CAB must be peer reviewed and pre-authorised by the appropriate system service owners and or business stake holder. All changes are recorded, tested and verified prior to implementation, (where possible), and are communicated to relevant members of staff and users as appropriate.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Vulnerability management is an essential component of our partner's (Advanced) Information Security Program and the process of vulnerability assessment is vital to effective vulnerability management. The vulnerability assessment process provides visibility into the vulnerability of critical assets deployed in the IT Infrastructure. The process comprises of identifying critical systems, their corresponding owners, vulnerability scanning on regular basis, determining and assessing potential vulnerabilities, documenting and establishing a time line to remediate critical vulnerabilities.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Our partner (Advanced) complies with protective monitoring in line with GPG 13.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our support Help Desk includes first, second and third line support based and will acknowledge and respond to your incident within one working day. Should our first line support team not be able to resolve your issue at first point of contact, it will be categorised, prioritised and passed to our second line support teams. Third line support issues are managed by our partner (Advanced) who have Incident management control objectives defined within their ISO 27001:2013 certified Information Security Management System and the procedures for Incident management are aligned to ITIL v3 industry best practice.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  MRI is committed to managing environmental risks that are material to our business and to reducing our carbon footprint by enhancing the energy efficiency of our operations and reducing the amount of waste that our company produces. We do this by utilising some of our own solutions with sensors in our own offices to assess our space utilization, energy usage and setting a reduction plan. ; ; As well as improving our own position, we also look at ways to help our clients work towards using services that have less impact on our planet’s scarce resources. A good example is HomeSwapper, our national mutual exchange solution. HomeSwapper enables tenants to swap homes either locally or anywhere across the United Kingdom with another social housing tenant, often to reduce their commute to work or schools which has a direct impact on carbon emisisons in the region.

  Covid-19 recovery

  We have fully embraced hybrid working and have recently formalised our flexible working model and different types of flexibility offered to all employees. We believe flexible working benefits our employees and the business. Our solutions available on this framework are all available remotely allowing our clients employees, users and contractors as applicable to work from any location in accordance with your approved working practices to allow flexibility

  Tackling economic inequality

  Our employees are all contracted and salaried fairly, in line with the Living Wage standards. All of our employees are paid at least the minimum rates as stated under the current Living Wage. ; ; We do not employ anyone on zero hours contracts and have a strong commitment to regularly review salaries in line with our appraisal process. We have a number of apprentices in the business who we are supporting to complete degree level qualifications, who all receive above the apprentice minimum wage. ; ; We also offer a comprehensive benefits package for all our staff, which includes health and wellbeing support and access to private health care.

  Equal opportunity

  We work hard to ensure our employees have a voice. Our business has various committees in place, such as a Diversity, Equity and Inclusion Committee and Employee Resource Groups, such as Women & Allies and LGBTQIA+, which help us understand how employees feel about working at MRI and help us drive forward inclusive events. We have also very recently launched our first ERG – employee resource group for Women and Allies. As a business with over 250 employees in the UK we are required to produce a Gender Pay Gap report. We very much welcome this initiative and our reports are available publically on our website. This report shows the impact we have on reducing our Gender Pay Gap and also highlights the many initiatives we have underway to further reduce our gap. This includes the development of our Flexible Working and Inclusive Policies initiatives, educating our People, People Managers and Business Leaders and working with external partners to attract a diverse staffbase.

  Wellbeing

  Work hard, play hard. From the day we opened our doors, we set out to build flexible, game-changing solutions that would make people's lives better. We do this by providing our clients with solutions that enable them to provide better places to live, work, and do business. The only way to carry out that mission is to hire the best employees and keep them. We are dedicated to creating a working environment which supports and develops our staff. Some of the benefits that we offer are: Gym reimbursements, Medical assistance, including mental health tools, Flexible working opportunities, including hybrid working Employee engagement is key to MRI's success and we hold quarterly spirit weeks to both connect and enthuse our teams globally. These weeks are themed and where staff are encouraged to learn about different topics or take part in activities that they might not typically have time for. These include fitness sessions, cooking sessions, engagement with families for those working from home or targeting one big event where we can globally feel like we are one team with the same goal. We also carry out bi-annual employee engagement surveys to ensure employees can express their views.

Pricing

• Price: £43,280 an instance a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@mrisoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.