FWUFFY LTD

Supplied

Supplied is a procurement strategy engine that harnesses your business's data, market insights, and your team's collective knowledge to dynamically assess your categories and suppliers as your operating environment changes.

It recommends the optimal strategies, methods, and tactics to guide your procurement teams towards the most advantageous outcomes.

Features

• Real-time reporting
• Remote access
• User-friendly interface
• Data security
• Scalable infrastructure
• Integration capabilities
• Customizable workflows
• Support for multiple users
• Automated procurement processes
• Comprehensive dashboard

Benefits

• Enhances decision making
• Improves productivity
• Increases operational efficiency
• Supports remote work
• Ensures data security
• Facilitates compliance
• Customizes to business needs
• Enhances collaboration
• Reduces costs
• Provides comprehensive insights

£250 to £250 a licence a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  ODT

• Service definition document

  PDF

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tim@fwuffy.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

941804626692162

Contact

Tim Czerwonka
07852925225
tim@fwuffy.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Active internet connection required
• System requirements: Internet Browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: During the week, within 24 hours; Next working day on weekends and bank holidays
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Support is delivered via our email support service. T3echnical or user support is all at the same level and is provided as part of the overall cost.; ; If service is customized, support is led through a customer support representative assigned on the contract signature.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite and online training is provided. Drop in sessions are arranged to support ad hoc working questions.
• Service documentation: No
• End-of-contract data extraction: Supplied extract the data following the request
• End-of-contract process: User access is revoked at the end of the contract; Any client IP is deleted within 90 days of the contract termination date.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: UI is designed for Mobile, everything else is the same as the desktop functionality
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: Supplied.biz offers a web-based service interface that allows users to manage procurement processes efficiently. This interface features a user-friendly dashboard for accessing tools and settings, real-time data visualization, and customizable options to streamline procurement activities. It supports various user roles and integrates seamlessly with existing systems, ensuring a flexible and accessible experience for all users.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: Utilized online assessment tools to inform the design process and suitability to user of assistive technology
• API: No
• Customisation available: Yes
• Description of customisation: All the system outputs can be customised to the specific use case situation. Customisation has to be done by the Supplied team.

Scaling

• Independence of resources: Each instance of the system is built on a separate server platform that scales with use and is independent of the use of the user contract.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: User is able to download reports and generated insights directly form the platform in PDF format
• Data export formats: Other
• Other data export formats: PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats: Xls

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9% service availability, but this is not guaranteed
• Approach to resilience: Our service is designed for high resilience, ensuring continuous operation and minimizing downtime. Our data center, hosted with Linode in the UK, utilizes redundant hardware, power supply, and connectivity to ensure fault tolerance and rapid recovery from failures. We implement regular backups and have disaster recovery protocols in place to quickly restore service in case of major incidents. Details on specific resilience measures in our datacenter setup are available on request.
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: We restrict access to management interfaces and support channels through role-based access controls (RBAC), ensuring only authorized personnel have access based on their job requirements. ; ; Additionally, all access is logged and monitored for unusual activities, with alerts in place for any unauthorized access attempts. Access privileges are regularly reviewed and adjusted based on ongoing risk assessments to ensure they adhere to the latest security standards and policies.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Our approach to security governance is centered around a comprehensive framework that ensures all security practices are aligned with industry standards and regulatory requirements. We maintain strict access controls, conduct regular security audits, and engage in continuous monitoring to detect and respond to threats promptly. Our governance model is designed to enforce policies consistently across all operations and involves regular reviews and updates to adapt to emerging security challenges.
• Information security policies and processes: Our information security policies and processes are grounded in best practices and compliance with relevant data protection laws. We have a structured reporting hierarchy where security responsibilities are clearly defined and communicated. Regular training and audits are conducted to ensure adherence to our policies. All employees are required to follow strict security protocols, and compliance is monitored through both automated systems and managerial oversight. Violations are addressed immediately with corrective actions, ensuring a proactive approach to maintaining security standards.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Our configuration and change management processes ensure robust tracking and security evaluation. Components of our services are meticulously documented and tracked from deployment through decommissioning. Changes undergo a thorough review process, assessing potential security impacts by a dedicated security representative before approval. This structured approach ensures both security integrity and compliance with our stringent standards.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our vulnerability management process involves systematic scanning for threats using industry-standard tools. We assess potential threats by analyzing security feeds and alerts from trusted industry sources such as CERT, NIST, and security vendors. Patches are deployed promptly. This approach ensures that we maintain high security and resilience against emerging threats.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our protective monitoring process utilizes threat detection systems to identify potential compromises. Upon detecting potential threats, our incident response team is alerted immediately, and we initiate predefined procedures to assess and mitigate the issue. We aim to respond to incidents asap after detection, ensuring quick containment and resolution to minimize any impact on service and data integrity.
• Incident management type: Supplier-defined controls
• Incident management approach: Our incident management process includes predefined protocols for common security events to ensure swift and structured responses. Users can report incidents directly through email. We provide detailed incident reports to affected users, outlining the nature of the incident, the impact, measures taken, and steps for future prevention. Our response team is trained to handle incidents efficiently, aiming to address and resolve issues promptly while maintaining transparent communication with all stakeholders.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity

  Fighting climate change

  Supplied minimizes environmental impact by leveraging energy-efficient data centers that are only powered by green energy, promoting remote working, and reducing travel and office energy use. We continuously improve our platforms to enhance energy efficiency and reduce our carbon footprint.

  Tackling economic inequality

  Supplied contributes to economic equality by sourcing resources from underprivileged areas within the UK. By investing in these regions, we not only support local economies but also create jobs and provide training opportunities in the tech sector. This approach helps bridge economic gaps and promotes sustainable community development, ensuring that the benefits of technological advancements are more evenly distributed across the country.

  Equal opportunity

  We ensure equal opportunity by providing training resources and access to our services across diverse communities, supporting workforce diversity, and fostering inclusive employment practices within the tech industry.

Pricing

• Price: £250 to £250 a licence a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  ODT

• Service definition document

  PDF

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tim@fwuffy.com. Tell them what format you need. It will help if you say what assistive technology you use.