Complete Contract Management

Complete Contract Management

Complete® is a cloud hosted Contract and Supplier Relationship Management system created with input from practicing contract and commercial managers. A modern and intuitive user interface supports the streamlining of business as usual, with enhanced features that support contract governance, performance management, and quality monitoring.

Features

  • Document repository with unlimited storage
  • Monitor FOI requests and link to contracts
  • Outlook integration with in-app messaging
  • Supplier relationship management capability
  • Management reports
  • Workflow module with reminders and task allocation
  • Flexible Permissions with controlled access
  • Contract Finance Module
  • Contract Performance module
  • Cloud based SaaS solution

Benefits

  • Easy contract registration and administration
  • Integrated Freedom of Information Management
  • Integrated contract performance management
  • Integrated contract governance and meeting management
  • Integrated contract quality improvement management
  • Integrated workflow management
  • Integrated contract finance and invoice process management
  • Manage Non-contracted Activity Providers and Commissioners
  • Defined user roles to support secure access
  • Scalable from individual organisation to STP level

Pricing

£9.99 to £79.99 a licence a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at dinah.sackey@completecontractmanagement.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

1 3 9 1 0 2 4 8 8 1 7 5 2 5 0

Contact

Complete Contract Management Dinah Sackey
Telephone: 0330 043 8785
Email: dinah.sackey@completecontractmanagement.com

Service scope

Software add-on or extension
No
Cloud deployment model
Hybrid cloud
Service constraints
N/A
System requirements
Access to the internet

User support

Email or online ticketing support
Yes, at extra cost
Support response times
We use Zendesk to support client queries and response times during the week are within 24 hours. Clients can also self manage via the Zendesk portal.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Consultation - Our most comprehensive support will assess your needs, build your solution, plan your transition, and train your product champions - Costs are bespoke according to the needs of the organisation.

Implementation Support - Using a mixture of remote and onsite support we’ll help you shape the system to suit your needs. Implementation support is free.

Training Service - Ongoing refresher training when you need it, delivered face to face or online- Online training is free, accessed with the use of webinars. Face to Face training is costed according to the needs of the organisation.

Knowledge base - A library of information that helps explain the use of the system, accessible by registered users. Access to registered users is free.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Users have access to a demo database for a 12 week trial followed up with a consultation on implementation needs.
The basic implementation involves the set up and deployment of the system and the training of a system champion.
Users can then opt to embed the use of their system with the supplied documentation, self-help videos, and access to the community knowledge base or request full implementation support with a system consultant.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
Information stored within the system will be extracted into a secure file and shared with the user within 7 business days.
End-of-contract process
Included in the price of the contract is the extraction of the users data into a secure file transmitted electronically to the users named destination.
Access to the system will then cease once data extraction is complete.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The user interface adapts to mobile use so users can access the software with their handset. The user interface on a mobile can be viewed in landscape or portrait mode.
Service interface
Yes
Description of service interface
Internet based user interface with a login landing page
Accessibility standards
None or don’t know
Description of accessibility
Interface is primarily text based.
Non-text based is limited to bar charts, and graphs but text alternatives are included with charts and graphs to explain visuals.
There is no audio on the interface.
Colour contrast ratio is 10.86:1 for most of the text, some link text ratio is 4.17:1 and some call to action buttons at 2.61:1 however colour is not used as the only visual means of conveying information, indicating an action, prompting a response, or distinguishing a visual element.
Accessibility testing
None
API
No
Customisation available
Yes
Description of customisation
Basic - Buyers can request the user interface is rendered to reflect corporate colours and branding.
Enhanced - A feature request process allows end users to suggest feature developments that are shared with the user community. Those that are deemed of strategic importance to end users and the systems functionality are progressed as part of our systems development strategy.

Scaling

Independence of resources
The system storage configuration allows for scalability on demand.

Analytics

Service usage metrics
Yes
Metrics types
User access and user activity within the interface.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data is uploaded into the system via the systems own user interface. Export of data is then via the user interface, as uploaded by the user.
Data that is entered into the system as part of performance monitoring can be exported as a CSV or XLS file.
Data export formats
  • CSV
  • Other
Other data export formats
  • XLS
  • PDF
  • Word
  • PowerPoint
Data import formats
  • CSV
  • Other
Other data import formats
  • XLS
  • PDF
  • Word
  • PowerPoint
  • JPEG
  • PNG

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
With our hybrid cloud arrangement with have an SLA with a third party hosting provider that offers 99.9% availability.
Approach to resilience
Available on request
Outage reporting
Community Dashboard and
Email Alerts

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
Other user authentication
Users can only access the service once their organisation has purchased the requisite licence(s). A secure portal is then created for the user and access is granted to users by the purchasing organisation. Access is via username and password.
Access restrictions in management interfaces and support channels
Support staff have access to the community portal and not the client system.
Technical staff have access on permission and access is removed once issues are resolved.
All access is via username and password controlled interfaces.
Technical support systems are not interlinked to the software so access by support staff is manual, and permission based.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Username or password
  • Public key authentication (including by TLS client certificate)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • Software is hosted in a PCI DSS Level 1 environment
  • Software is hosted in a ISO/ IEC 27001 environment

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
The Managing Partner in the business is the Responsible Officer.

We manage our security processes in line with our Information Governance Policy

We have a Service Level Agreement and Disaster Recovery Policy with our 3rd party data hosting provider.
Information security policies and processes
The Managing Partner is the Senior Responsible Officer.
We have an Information Governance Framework that includes the following policies;
Access Control & Password Policy
Asset Management Policy
Remote Access Policy
Clear Desk Policy
Email Usage Archive Policy
Asset Register
Information Security Policy
Data Protection Policy

Our Managing Partner is the Senior Responsible Officer

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our CTO oversees configuration and change management.
To maintain a secure code base changes - whether initiated by internal strategy or external requests - are logged and assessed for suitability. If agreed the development team and CTO capture the detail of the required change, timeline for development, impact to the system functionality and any potential security concerns. Changes undergo 3 levels of testing before being introduced into the live environment.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our CTO is the Senior Responsible Officer for vulnerability management.

Our development team horizon scan for general security concerns, ensure that the code base remains up to date, and that systems in use are up to date and have all necessary / relevant patches.

We maintain a security events log where we record all events, incidents and breaches.

Our 3rd party hosting provider continuously monitor for potential threats and immediately deploy patches for major threats.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Our 3rd party provider conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402. Our SLA with our 3rd party provider provides 24/7/365 support in responding to known incidents that are within their control.

Our local systems record all login attempts: originating IP address, time and success/fail against each user account and our system is configured to automatically log users out after periods of inactivity and lock users out after an incorrect password is entered x times.
Incident management type
Supplier-defined controls
Incident management approach
There are pre-defined processes for common events like undetected bugs.
Users can raise incident reports via our customer portal using a ticketing system that's assigned to service desk manager.
Incidents that need developer involvement are escalated for resolution.
Updates are provided via the portal and response/resolution targets are detailed in our SLA.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£9.99 to £79.99 a licence a month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
12 Weeks unsupported access to trial the system.
All functionality is included.
Access to the community hub is not included.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at dinah.sackey@completecontractmanagement.com. Tell them what format you need. It will help if you say what assistive technology you use.