Common MS

SAP Marketing Cloud

SAP Marketing Cloud enables marketeers to develop a deeper understanding of customers, to know what they have done, what they may do, and most importantly what they are doing now. Gain real-time insights into the context of customers, and leverage these insights to deliver highly individualized customer experiences across channels.

Features

• Open Platform can connect with 3rd Party systems
• Out of the box integration
• Real time analytics
• Predictive analytics
• Powerful Analytics

Benefits

• Leverage sentiment and predictive analysis
• Execute your marketing campaigns across all channels
• Dynamically capture and enrich customer profiles across all sources
• Manage all marketing from one platform
• Plan and manage automatically your budgets in a single view
• Know your customer

£3,500 a unit a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at samina.baig@commonms.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

937498031481500

Contact

Samina Baig
+44 7768581576
samina.baig@commonms.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: SAP Commerce Cloud
• Cloud deployment model: Public cloud
• Service constraints: Maintenance: Regarding planned maintenance (e.g. for regular maintenance or major upgrades), please refer to the Service Level Agreement for SAP Cloud Services. Hardware Configurations: SAP Marketing is a Cloud solution and browser based. Minimum desktop and laptop hardware requirements are: - Processor: Intel Core 2 Duo (2.4 GHz with a 1066 megahertz {MHz} front-side bus) or better - Memory: 6 gigabytes (GB), or more Upgrades: SAP Marketing Cloud goes through a quarterly upgrade cycle to ensure customers have access to the most recent functionality and are secure as possible. Customers get notification of this upgrade 3-4 weeks before.
• System requirements:
  • Intel Core 2 Duo or better
  • 6 Gigabytes Memory
  • Android and iOS supported for mobile application
  • Internet Connectivity

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: SLAs are agreed with Customers. Weekend SLAs may be different but again will be agreed with Customers
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Subject to contract: Customer will select a level of support upon signing a contract, whereby each level adheres to differencing SLAs. These can be discussed during the sales process and the most suited one will be advised to the customer.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide end-user, approver and administrator training to the client project team as part of every professional implementation project. This is provided at no additional cost and follows a train the trainer methodology. This training is delivered as a combination of self-paced online training and remote, web-based, instructor led training. This training is provided by the consultants assigned to the project. Most of our clients take the training provided as a part of the implementation project and then in turn, provide training to their end users, approvers and administrators. Additional training options are available, if interested at extra cost.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data will be returned in accordance with the Business Services Agreement, alternatively, extended access for data extract purposes can be arranged at cost.
• End-of-contract process: Customers may extend the Subscription Term for up to 90 days by notifying SAP Hybris at least 30 days prior to the effective date of termination or expiration and paying subscription fees for such extension period. During this 90 day period, customers will be able to download their data. After 30 days, the data is purged from our systems. Data remains on encrypted backup tapes for one year until the tapes are rotated out. Upon termination of a customer relationship, we will destroy all customer data. We will also return data to a former customer in accordance with the terms of the Business Services Agreement between the parties.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
  • Other
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Some minor functional and design differences but generally a seamless integration.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: SAP Web Service APIs enable the integration of on-premise, cloud-based, and third-party solutions with SAP. With the prebuilt web services, users can leverage these to connect to 3rd party applications without the need for additional software.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The solution is a highly configurable application providing our customers the ability to quickly and easily modify data elements.

Scaling

• Independence of resources: SAP Customer Experience solutions are structured such that scalability is unlimited. SAP conducts exhaustive benchmark testing to establish requirements to sustain customer availability and performance commitments

Analytics

• Service usage metrics: Yes
• Metrics types: Dashboards and reports are available which detail service up-time and planned maintenance periods. You can ensure the availability of the system is in accordance with the service level agreement of your contract. Define, manage, and leverage consistent KPIs across all your business functions, create and manage reports, run analytical queries, and build predictive models.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: SAP

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: We support many integration points. By delivering flat files and/or utilising web services for integration, we allow our clients to easily determine their own approach for integration into their back-office systems. Electronic files are exchanged at our hosted FTP site, using PGP encrypted FTPS or SFTP.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • HTML
  • PDF
  • Microsoft Excel
  • Text
  • XML
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML
  • Excel

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: PGP encryption of batch files, exchanged via SFTP/FTPS.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.5% System Availability percentage during each month, assured by contractual commitment
• Approach to resilience: Any unplanned downtime will be alerted to customer via email and customer support portals.
• Outage reporting: SAP data centers maintain multiple connections to several power companies, making a complete power outage highly unlikely. Even if the local power grid were to fail, the data centers supporting your SAP Cloud solution have an uninterruptible power supply for short-term outages, and a diesel generator backup power supply for longer-term outages. Therefore, power interruptions or outages are unlikely to affect customer data or solution access.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: Other user authentication
• Access restrictions in management interfaces and support channels: At least every 6 months; Network Filtering IntrusionPrevension systems ; -Web application firewall ; 2-factor Authentication ; -Network Admission control proxies and content filtering ; -Advanced threat management
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: LGAI Technological Center, S.A (Applus+)
• ISO/IEC 27001 accreditation date: 13/09/2019
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO 9001 – Quality Management System
  • ISO 22301 – Business Continuity Management System
  • ISO/IEC 27018 – Code of Practice for Personally Identifiable Information
  • ISO/IEC 27001 – Security Management System
  • BS 10012 – Personal Information Management System
  • ISO/IEC 27017 Code of Practice for Cloud Service Information Security

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Other security governance standards
• Information security policies and processes: SAP has established formal security policy documents as including: - Corporate Security Policy. This is a general policy document that describes fundamental security policies for all SAP personnel. - Technical Security Policy. This is a technical policy document intended primarily for SAP personnel who design, build, or operate information systems. - Sensitive Information Policy. This is an information classification policy and handling procedures document. - Privacy Policy. This is SAP public privacy policy statement. - Site Classification Policy. This is a site classification policy that specifies the controls required in various data centres and work centres. These policies and associated procedures are examined by SAP internal and external auditors, and are available for customer review. Assured by independent validation of assertion. Cloud Trust Centre - https://www.sap.com/uk/about/cloud-trust-center.htm

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: A formal change management process is in place and is regularly reviewed and approved. This process ensures that change requests are planned, tested, approved recorded, tracked, maintained and an impact analysis of the change is performed prior to implementation.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Vulnerability management focuses on identifying, assessing, and mitigating common known vulnerabilities and configuration issues that might represent a potential risk to the integrity and security of systems or services. The following services are part of the Vulnerability Management system. Vulnerability Scanning External Penetration Testing Customer Performed Vulnerability Assessment
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: In SAP Cloud Business Applications an automated monitoring system and operations personnel ensure the system availability 24x7. Security relevant events are logged and retained for 180 days in a SIEM (Security Information and Event Management) system. CCTV footage must be archived for at least 90 days (or maximum allowed by local law) • Monitoring room to be staffed 7x24
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: SAP Cloud implements formal event reporting and follows escalation procedures if an information security incident occurs. Documented security incident response plans for the cloud solutions from SAP ensure that the best possible level of service quality and availability is achieved. Security incidents are monitored and tracked by security specialists in cooperation with defined communication channels relating to customer until resolved. A Security Breach is a confirmed security incidents in which sensitive, protected, personally identifiable information (PII) or confidential data is: exposed, transmitted, copied, viewed, stolen or used by an individual or a group unauthorised to do so.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  N/A
• Covid-19 recovery:

  Covid-19 recovery

  N/A
• Tackling economic inequality:

  Tackling economic inequality

  N/A
• Equal opportunity:

  Equal opportunity

  N/A
• Wellbeing:

  Wellbeing

  N/A

Pricing

• Price: £3,500 a unit a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at samina.baig@commonms.com. Tell them what format you need. It will help if you say what assistive technology you use.