Elcom Systems Ltd

EVOLVE eFunding

EVOLVE eFunding, advance invoice funding and supply chain finance. Suppliers funded on the basis of public sector purchase orders or invoice. Buyers approve purchase orders and invoices, for funding without risk in an automated process. We connect suppliers to finance from funders who accept risk at lower rates than normal.

Features

• Low cost working capital for suppliers
• Working capital provided at PO stage, not invoice, therefore earlier.
• Purchase Order and Invoice finance.
• Automated processing
• Secure Connectivity
• Open standard technology stack
• Seamless interface to buyer ERP and other purchasing/finance systems

Benefits

• Easy to set up
• Improved cash flow for all suppliers
• Management of liquidity in supply chain and security of supply
• Local economic benefits from enhanced liquidity
• Improved purchasing/AP processes
• Potential to generate returns for buyers
• Cost reduction throughout process
• Supports SME cash flow and stability

£0 to £0 a user

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@elcom.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

944540070216079

Contact

Simon Holmyard
020 3920 8054
sales@elcom.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No technical constraints, but supplier credit checks are required.
• System requirements: Reasonably up to date Browser

User support

• Email or online ticketing support: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support is 09.00 to 17.00 UK working hours. This is standard with no additional cost in the normal case. Response is usually immediate but in any case within 1 working day.; ; Support is by:; • service desk; • email; • phone; • onsite; ; Professional Services are as per our rate card, but are not likely to be required with this service.; ; Further details in Service Definition Document
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Getting started includes full implementation, including interfaces to finance and legacy systems if required; onsite and remote support 24/7 and onsite training for buyers and suppliers if required.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: If requested, at close of contract, customers may advise the format in which they wish to receive their data and we will normally provide what we have as required, subject to agreement on data ownership between buyers and suppliers.
• End-of-contract process: Subject to agreement between buyers and suppliers on data ownership, we will normally provide relevant data in standard format. Any requested transformation of the data may be a chargeable professional service.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Full functionality is available on tablets and through standard browsers on mobile phones.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: Service can be branded by the buyer

Scaling

• Independence of resources: Load is monitored and balanced at all times, with redundant server capacity available for peak demand. Server capacity as a whole is provided on the basis of regular reviews of load and trends in user activity.

Analytics

• Service usage metrics: Yes
• Metrics types: Multiple metrics including, for example, ; -volume of transactions; -value of transactions; -transactions by type; -full audit trail of all activities; -service up time; All by user-defined period
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Data at rest is encrypted on a SAN device in the data center
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Elcom exports data to users in a specified format, for example into a data warehouse, or through flat file transfer, including SFTP transfer.
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats: Direct entry on screen

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Please see Service Definition Document for full details of SLAs
• Approach to resilience: Backup, disaster recovery and resilience plans and measures are in place. Details are available on request.
• Outage reporting: Email alerts and/or telephone calls to impacted customers; ; Further details in Service Definition Document

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: No one, including ELCOM staff, has access to any part of the system without a username and password. All access is logged and a full audit trail is kept. ELCOM are currently developing a MFA solution for our next software release.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: SN Registars (Holdings) Limited
• ISO/IEC 27001 accreditation date: 04/04/2022
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • SAS 70 Level II (Data Centre)
  • ISO 27001:2013

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Elcom has a written security policy.; ; Security roles are defined and allocated to specific individuals. Responsibilities include firewalls and access security as well as the network. ; ; A security incident is 'any breach of security on the Elcom infrastructure which may potentially lead to the disclosure of client data'. Logs are monitored and reviewed and incidents, or potential incidents, are reported and investigated immediately. The team works directly to the VP of IT who is a member of the management team reporting directly to the Chairman and CEO.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All elements of the service are routinely monitored against emergent security threats and vulnerabilities. This includes potential future releases and features being brought into point releases.; ; Assessment is by internal review and third-party external quality control testing before changed or new elements are handed over to customers to complete there own testing.; ; Post go-live, annual penetration tests reconfirm security.; ; All changes go through a change control process and follow the QA/Test/Production path for deployment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Monitoring and assessment is continuous. Our aim is to deploy patches or counter-measures before potential threats become real.; ; We work closely with datacentre providers, network managers and industry partners who advise of potential threats as they are identified.; ; Annual Penetration tests are performed annually by qualified Third party vendors.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Proactive monitoring, alerting and assessment of potential issues is a continuous process. Our aim is to mitigate potential compromises before they become real. This also includes working with local auditors if requested. We work closely with datacentre providers, network managers and industry partners who advise of potential threats as they are identified. Our team subscribe to industry alerts such as cert.gov.uk. All potential compromises are dealt with as a matter of urgency, requiring immediate assessment then mitigation as appropriate.
• Incident management type: Supplier-defined controls
• Incident management approach: Incident management is agreed with customers at set up. In the normal case, incidents are reported via a named person in the customer organisation to the Elcom service help desk. Usually reports are by email or phone call and logged immediately on the help desk system.; ; Customers can have access to the system to validate the incident is properly recorded and track progress to resolution.; ; Reporting is either through the help desk system or, if the customer wishes, separate incident reports for each incident.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity

  Fighting climate change

  At Elcom, we are cutting carbon emissions and building back a greener environment by placing a high emphasis on environmental practices that reduce consumption of natural resources and create less waste.; The top 5 actions that Elcom continues to focus on to tackle the global climate emergency are; Plan for Change, Energy Saving, Transport, Supply Chain and Waste.; A Carbon Reduction Plan is available on our website. ; We have also been focused on creating a positive environmental impact by helping our customers reduce their carbon footprint.

  Tackling economic inequality

  At Elcom, we create a social impact by cultivating a collaborative, diverse and transparent culture where all our customers, suppliers and employees thrive.; Elcom recognises that discrimination, harassment, and victimisation is unacceptable, and it is in its own best interest, as well as the interest of its employees, to utilise the skills of the total workforce.; As a Living Wage Employer, we believe it will bring long-term investment in our people and our talent. Not only because is the right thing to do but because it also has a positive impact on the business - increases motivation and retention rates for employees.

  Equal opportunity

  It is the aim of the organisation is to be an equal opportunities employer. ; Elcom commits itself to promote and develop equal opportunities and will keep under review its policies, procedures and practices to ensure that they accord with the principles of equal opportunities and are consistently applied

Pricing

• Price: £0 to £0 a user
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: The full service is free to public sector bodies.; ; Please see Service Definition Document for full details, including potential rebates for buyers

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@elcom.com. Tell them what format you need. It will help if you say what assistive technology you use.