Skip to main content

Help us improve the Digital Marketplace - send your feedback

Mercur Solutions (UK) Limited

Mercur Business Control

Mercur is a leading provider of unified Enterprise Performance Management solutions. Founded in 1976 Mercur delivers; Budgeting, Planning, Forecasting, Reporting, Dashboarding and Analysis applications within a single cloud solution designed for; Large Enterprise, Central & Local Govt, SME and NHS. Mercur Business Control creates greater effectiveness and efficiencies for organisations.

Features

  • Unified solution for Budgeting, Forecasting, Planning, Reporting & KPI Analysis
  • Combine unlimited data sources & size for real time updates
  • Unlimited dimensionality and hierarchies for flexible reporting and analysis
  • Unlimited users - scale from 1 to 100,000
  • Workflow, collaboration, collect direct data entry from employee/budget holder
  • Strong matrixed security control of Personal Identifiable Information
  • Financial and non financial data combination meets all reporting needs
  • Access all reports from any supported browser, mobile or desktop
  • Fast ETL and calculation engine for allocations, re-forecast and simulation
  • Leverage machine learning and predictive analytics to deliver business insight

Benefits

  • Reduce time and cost to complete budgets, forecasts and reporting
  • Reduce time and cost to create and run simulations
  • Reduce time to create re-forecasts and compare
  • Reduce time and cost to publish Management Reports
  • Create single version of the truth actual, budget and forecast
  • Cost reduction on existing systems and data management
  • Consolidate multiple systems and reduce cost and time
  • Increase accuracy, build confidence in financial & operational numbers
  • Reduce risk in spreadsheets, Google Sheets / Excel
  • Reduce time and cost to manage reporting processes

Pricing

£22.29 a user a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at derek.morrison@mercur.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

9 5 9 5 5 0 3 5 5 6 2 2 7 3 9

Contact

Mercur Solutions (UK) Limited Derek Morrison
Telephone: 07388906833
Email: derek.morrison@mercur.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
Our system has no known constraints. All clients can access Mercur Business Control from a modern browser.
System requirements
Only a modern browser environment to access Mercur Business Control

User support

Email or online ticketing support
Email or online ticketing
Support response times
We provide email support and use Jira for clients tracking.

Clients can phone, email or post a support ticket directly. The client can then track the ticket via our web application.

Our standard support times are 08.00 - 18.00 Monday - Friday

extended support times are available by arrangement
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Connected via our website with Hubspot

Text chat only - support and log tickets
Web chat accessibility testing
We have implemented and delivered webchat via Hubspot within our website
Onsite support
Yes, at extra cost
Support levels
Standard support in relation to our cloud software SLA is included in the annual cost of the software agreement.

Additional support - onsite is available at standard daily rate £950 per day or as negotiated, dependant on number of days required.

Out of hours telephone support during critical periods; month -end, year-end, planning period, forecast period, and budget period. This is a bespoke service by individual client and is not price listed.

Additional consultancy support is available at standard daily rate of £950.00 as negotiated dependant on number of days.

As the software is a standard deployment no cloud support engineer is required and the technical account management is included by way of named/allocated consultant.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Full user training is available as part of the implementation process.

Web training, product video and webinars are available

Standard user documentation is available.

Customised documentation to support individual applications are made available as part of the scope of implementation.
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
There are multiple routes;

Flat File (csv)
JDBC/SQL
XML
JSON
Excel extract
End-of-contract process
Standard contractual terms allow the client to extract their data at the contract end date. Mercur will retain any data required in line with GDPR and other legal requirements.

Other services may be available in terms of documentation or data model requirements. This can be inked into a contract as necessary and dependant on client requirements.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Users may user mobile or tablet devices to access Mercur Business Control. The application provides a touch enabled interface on these devices. There are no functional differences between a desktop or mobile/tablet environment.
Service interface
No
User support accessibility
None or don’t know
API
Yes
What users can and can't do using the API
For database queries using our provided Excel plugin. The API is optional for the individual customer.
API documentation
Yes
API documentation formats
  • HTML
  • ODF
  • PDF
  • Other
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
There are a number of customer customisation available be that branding, style of reports, style of dashboards, drill functions, workflows.

Code can be customised but we caution clients in customising code as we believe this is not necessary.

Scaling

Independence of resources
Mercur front-end is a multi tenancy solution which means it scales to thousands of users and provides maximum experience through load balancing. 'Scale up - scale out'

Each client has a separate back-end database so other client demand will not degrade performance.

Mercur live monitoring ensures scale up/scale out in terms of memory required to meet performance

Analytics

Service usage metrics
Yes
Metrics types
System usage statistics by individual user
Memory usage
Number of users
Number of sessions
Database size
System Availability
System Uptime
Data volume import
Data volume export
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Mercur provides standard functionality for users,subject to administration, rights to automatically export data to a number of different formats. Including standard and customised reports.

e.g. excel, PDF, image, txt etc
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • Text file
  • PDF
  • Excel
  • Image
  • SIE
  • XML
  • PPT
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • SIE
  • XML
  • Excel

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
All communication between the web browser and web server is encrypted with TLS. Mercur uses 256-bit encryption and 2048-bit public keys with RSA.
Data protection within supplier network
Other
Other protection within supplier network
Each server separated and segregated which means only data from a single customer is located on each server. Each server has two-factor authentication requirement
Data at Rest
The data is encrypted with AES256 for server-side data and any local caches.
Data in Motion: Client
Data communication is encrypted both externally and internally with AES128
Data in Motion: Web Client
All communication between the web browser and web server is encrypted with TLS. Mercur uses 256-bit encryption and 2048-bit public keys with RSA.
Data Leak Prevention
Each server is monitored for abnormal behaviour and has a next generation signature-less antivirus.

Availability and resilience

Guaranteed availability
Mercur Solutions will use
commercially reasonable
efforts to make the Mercur
Cloud Service available for a
Monthly Uptime Percentage of
at least 99.90%, in each monthly billing cycle.

We offer credits on unavailability of the service during client working hours as per contract.
Approach to resilience
The Mercur Business Continuity Plan is established according to ISO22301.. Supported by a fully resilient network set up on multiple Data Centres with an SLA of 99.99%.
All services are dual homed to provide geographic resilience for business continuity and disaster recovery scenarios. Risk assessments are carried out for any systems that are not resilient. ISO27001 covers back-up policy with systems brought back up within a fixed amount of time dependent on Maximum Tolerable Period of Disruption (MTPD) and Recovery Time Objective (RTO).
Critical systems are all designed and implemented in a resilient fashion.
Datacentre resilience is provided via dual data centres. Additional information is available on request.
Outage reporting
The status of the cloud service you can find here: https://status.mercur.com/ all updates, incidents and maintenances are published there.

Through this website you can can subscribe in order to get updates via:

Email alerts
Text messages
Atom Feed or RSS Feed

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication
For each user, a list is added with the login methods.

Internal and External Computers
Automatic login with sspi-sso requires the user reside on the domain server or one linked with domain of the server. If you travel and do not have access to the domain (not able to or do not want to use a VPN), it's useful to have an alternate login mechanism available to all or a few users. The solution is to combine sspi-sso with win-server.
Access restrictions in management interfaces and support channels
We use IP-blocking to restrict access to admin interfaces and Mercur is entirely flexible in terms of security. Therefore certain interfaces can be locked for certain user types etc.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Lloyds Register QA Ltd
ISO/IEC 27001 accreditation date
8/5/21
What the ISO/IEC 27001 doesn’t cover
N/a
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes
All information security policies are dictated by our ISO27001 governance held by our Cloud Service Provider. All employees follow ISO27001 have a “Company Essentials” folder on their desktop linking directly to the guidance and policies themselves. These policies include:

Acceptable Use Policy, Access Control Policy, Anti-Bribery Policy, Backup Policy, Clear Desk and Screen Policy, Conflict of Interest Policy, Control of Documents, Control of Records Policy, Corrective and Preventative Action Policy, Data Classification and Confidential Data Policy, Email Policy, Encryption Policy, Equipment Reuse and Disposal Policy, Group Retention Criteria Policy, Guest Access Policy, Information Security Incident Reporting Policy, Information Security Policy Statement, Internal Information Security Management System Policy, ISO 27001 Awareness Policy, Mobile Device Policy, Network Security Policy, Outsourcing Policy, Password Policy, Remote Access Policy, Risk Assessment Procedure, Mercur Information Security Awareness Policy, Secure Development Policy, Social Media Policy, VPN Policy, Wireless Access Policy

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Changes to components of the service are tracked and managed via the same systems that are used to track changes to customer devices. All access is logged by individual user and time stamped. All device configuration files are checked on a daily basis for any changes - these changes are then automatically added to the Network Configuration Management system change database.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Threats are assessed under the guidance of the Internal Information Security Management System Audit Policy. Internal audits of all Information Security Management System policies, procedures and controls are carried out at least once per annum in accordance with the Information Security Management System Internal Audit Schedule. Certain policies, procedures and controls may require more regular review according to importance or history of problems.
Our patch management policy is;
Critical - 1 working day
Important - 3 working days
Moderate - 28 calendar days
Low - 28 calendar days
Threat Info - Ms, Sophos, Digital Shadows - as examples
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Mercur hopsting solutions implement DualMalware Intrusion Detection and Prevention Services. For the purpose of this policy an information security event or incident is defined as:
''An identified occurrence or weakness indicating a possible breach of information security policy or failure of safeguards, or a previously unknown situation which may be security relevant.''
All responses are responded to within 30 minutes by default. Special measures/policies exist for critical threats, details of which are available on request.
Incident management type
Supplier-defined controls
Incident management approach
Mercur has a documented Incident Management Process which is updated annually. This is available on request.
Users will be notified proactively within 30 minutes of any incident that is affecting the service. Users can also log incidents via phone, web or email. All incidents are logged and reported . Availability reporting shows when, and for how long a device has been down. Live incident reporting provides analysis of incident category and resolution codes. This helps customers identify incident trends. link here : https://status.mercur.com/

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

Mercur Solutions is fully cognisant of the challenge's faced in the battle to reduce our carbon footprint. Whilst only a small organisation we have policies on supply, waste & travel which has a positive impact in reducing our footprint.

Though the implementation of Mercur Business Control we believe that organisations can reduce their footprint through better use of technology to reduce travel and promote home working if required.
Covid-19 recovery

Covid-19 recovery

Mercur's support for Covid recovery is through the deployment of Mercur Business Control. Organisations have struggle with collaboration and decision making during the pandemic due to moribund technology. As organisations emerge from the pandemic there is a drive to reduce manual working and risks associated with excel and create collaborative decision making through a technology that provides organisations with more granular information to base decisions on.
The implementation of Mercur will in line with Action Note PPN 06/20;

Support organisations and businesses to manage and recover from the
impacts of COVID-19, including where new ways of working are needed to
deliver services.

- Improve workplace conditions that support the COVID-19 recovery effort
including effective social distancing, remote working, and sustainable travel
solutions.
Tackling economic inequality

Tackling economic inequality

Mercur's support for Covid recovery is through the deployment of Mercur Business Control. Organisations have struggle with collaboration and decision making during the pandemic due moribund technology. As organisations emerge from the pandemic there is a drive to reduce manual working and risks associated with excel and create collaborative decision making through a technology that provides organisations with more granular information to base decisions on. The implementation of Mercur will in line with Action Note PPN 06/20;

create opportunities for entrepreneurship and help new, small
organisations to grow, supporting economic growth and business creation.
- Influence staff, suppliers, customers and communities through the delivery of the contract to support employment and skills opportunities in
growth sectors

Pricing

Price
£22.29 a user a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
As part of our engagement process we will agree a specific use case where we will demonstrate the use case with client data within the Mercur Application to prove the ability to deliver free of charge
Link to free trial
https://www.mercur.com/Web-Demo

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at derek.morrison@mercur.com. Tell them what format you need. It will help if you say what assistive technology you use.