BravoSolution UK Limited

JAGGAER ONE Source-to-Contract (S2C)

JAGGAER ONE offers a comprehensive Source-to-Contract (S2C) suite including Spend Analytics, Savings & Category Management, Supplier Management, Project Management, Sourcing and Contract Management, plus extensive supporting features and optional integration with JAGGAER ONE P2P. JAGGAER (via our BravoSolution subsidiary) have delivered our hosted/managed service to UK Public Sector since 2005.

Features

  • JAGGAER ONE solution formerly known as Advantage
  • Configurable Spend Analytics, Savings and KPI reporting
  • Category management, Project management, graphical workflows and dashboards
  • Supplier Profiling, Qualification, Classification, Segmentation, Risk Assessment and Development
  • Best-in-class Sourcing solutions including Projects, RFx & Auctions
  • Fully EU/UK compliant OJEU/Contracts Finder Notices & ESPD support
  • Secure Contracts repository, with authoring, amendments and DocuSign eSignature
  • Solution integration with 3rd party systems
  • Manned CTI/CRM helpdesk with audit trail
  • Seamlessly integrated with JAGGAER ONE Purchase-to-Pay

Benefits

  • Intuitive & insightful Analytics for visibility of spend
  • Robust resource and initiative planning and forecasting
  • Supplier onboarding, with configurable profiling, qualification & classification
  • Supplier management with segmentation, risk, performance and development
  • Drive compliance with Template-based best-practice Sourcing processes
  • Manage efficient collaborative evaluations, with automated debriefings
  • Comprehensive reporting & complete forensic audit trails
  • UK-hosted & ISO27001 certified secure services
  • Wide array of application level & organisational configurations
  • Optional P2P integration for PRs, Catalogues, Requisitions, POs & Invoices

Pricing

£56,200 an instance a year

Service documents

Framework

G-Cloud 12

Service ID

1 6 2 8 4 6 7 8 9 8 2 1 8 1 7

Contact

BravoSolution UK Limited Richard Hogg
Telephone: +44 20 7796 4170
Email: rhogg@jaggaer.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
JAGGAER ONE SaaS applications are delivered through a tried and tested infrastructure that has proven to be highly stable, scalable and secure. Customers choosing our SaaS solution do not require to invest any resources in additional Hardware/Software or IT staff to install, run, manage or upgrade the software solution. We have one of the most advanced multi-tenant application delivery capabilities. The organisation is in a position to leverage the true benefits of SaaS while benefitting from high standards of service in terms of security, availability and performance, and with no technical capacity constraints on the use of computing resources.
System requirements
  • Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 10
  • Linux, Mac OS X or other versions of Windows
  • Microsoft Internet Explorer 11 (supported but not recommended)
  • Microsoft Edge
  • Google Chrome 67+
  • Mozilla Firefox (ESR) 68+
  • Safari 13.0.5+ for MacOS
  • JRE Sun Version 1.8+ required for legacy auction advanced features
  • Minimum screen resolution: 1368 x 768
  • MSM app requires Android 4.0+ or iOS 6.0+

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times are dependent on issue severity. Please refer to: https://www.jaggaer.com/terms-of-service/saas-applications-support-services-terms/
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Level 1 support is provided as the first entry point for all new cases, from which cases may be escalated to Level 2 and Level 3. Global Support Service Levels: 24/5 follow-the-sun support is available. Contractual SLAs for Customer care and Bugfix are provided at: https://www.jaggaer.com/terms-of-service/saas-applications-support-services-terms It is our policy to resolve any queries/issues as soon as possible following receipt of a call. Generally, calls are resolved within that initial call. Any issue that cannot be resolved on the first call is immediately directed to the appropriate team for resolution. Outstanding customer support calls take priority over all other work within our operations team. Any issue not resolved within two hours is escalated through agreed escalation issue resolution protocols. The customer will be updated of progress on a regular basis.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Upon activation of the service, customers have the option of administering the service themselves, or using the JAGGAER Help Desk for basic administration tasks depending on the support / delivery options adopted. Support/training services can be purchased for assistance in the management of the system whilst executing projects. Where consulting has been purchased, an agreed plan of work will begin with appointment of the lead consultant and, if required, a kick-off day to initiate the project. The nature of the support required by customers is wide-ranging and varied. Customers can choose from a set of available training, support and consulting programmes. Alternatively, JAGGAER can put together a bespoke programme of support to address any specific requirements of the customer. Many customers choose to use a Kick-start package of training and support to enable them to rapidly adopt and deploy the software. Where the nature of the project is such that the built-in templates are not appropriate, or a customer wishes to outsource the configuration of the software, then bespoke templates can be configured, and/or a package of support can be provided. Customers can sign up on a project specific or time expiry based licence with a given number of users.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
JAGGAER can provide customers with a copy of the negotiation and evaluation activities carried out on their JAGGAER ONE Source-to-Contract instance. The archive copy will contain data entered by users on File Sharing Directories, Projects, RFQs, Auctions, Contracts, Notice Forms, and Supplier registration and classification information, from the time of the Instance release to the date of the request. The archive is generated by JAGGAER upon receiving a written request from the customer. The means of delivery of the archive will be agreed between JAGGAER and the customer. The archive contains: Specific data relating to negotiations carried out; Data related to suppliers’ registration information, classification and qualification, in addition to the information extracted from the Supplier Management module; File attachments in their native format, without changes or additions; Optionally, the customer can request platform logs to the date of the request. Alternatively, JAGGAER may provide the customer with continued access to a read-only, IP restricted-access version of the solution that allows the native interrogation and access to the information stored within the solution whilst following the embedded process and application logic. JAGGAER will provide the same exit / termination approach for both cause and termination for convenience scenarios.
End-of-contract process
Specifically regarding the event of expiry or termination of this contracted service, JAGGAER shall act reasonably and cooperate with any replacement provider and facilitate transfer of all information and/or data. JAGGAER shall ensure a smooth transition of availability of services and ensure clear definition of responsibilities including continuing to provide services until the agreed transition sign-off point with the provision of an exit contact, plan and deliverable schedule. The handover activities will either be a one-off data handover or the ongoing consumable restricted audit access to the service as agreed. All handover activities will be performed within a maximum period to be agreed with the customer. Any termination or early exit will attract any agreed fees for minimum duration plus notice period. Licences will be available with full access to information until full provision / extract transfer of existing data is provided.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
JAGGAER ONE S2C Mobile Supply Management (MSM) provides customer branded iOS and Android apps for compatible tablets and smartphones, allowing staff to manage important upstream tasks such as approvals, sending & receiving messages, and checking key sourcing activities on the move. MSM features include: - Approvals management - RFI/RFQ visibility - Contracts visibility - Secure Message exchange MSM apps function only in online mode. In order to use the apps, each User requires a valid User account on the JAGGAER ONE S2C solution. Android app requires Android 4.0 or later. iOS app requires iOS 6.0 or later.
Service interface
Yes
Description of service interface
JAGGAER ONE Source-to-Contract (S2C) is a secure Supply Management software-as-a-service, accessible through supported web browsers over the public Internet via https.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
JAGGAER ONE S2C is continuously validated against the most recent accessibility standards at each major release by internal users using assistive technologies such as JAWS and testing the capability for full keyboard-based navigation and data entry. JAGGAER ONE S2C also has been successfully validated by visually impaired users from the Istituto dei Ciechi of Milan with respect to WCAG 2.0 AA, and using diversified assistive technologies such as Screen Readers & Magnifiers, Speech to Text software and alt-keyboard only navigation, and colour contrast analysers.
API
Yes
What users can and can't do using the API
JAGGAER ONE Integration service layer (JINT) is a JAGGAER proprietary, native cross-platform middleware layer that provides integration capabilities to enable interoperability between JAGGAER Cloud services and external systems, making standard native interfaces and built-in connectors available to support the most common integration scenarios. JINT supports JAGGAER ONE cross-module orchestration and provides: - Cloud connectors to an unsurpassed ecosystem of partners for outcomes that no other solution provider can deliver, including out-of-the-box support for TrustWeaver, Thomson Reuters, D&B, EcoVadis, Bureau van Dijk, Achilles, ConnXus, DocuSign, Adobe, MasterCard and more. - Standard interfaces to customer systems and applications (for SSO, ERP connectivity, document exchange etc.) via a comprehensive catalogue of SOAP XML Web Services, FTP connectors and certified SAP connectors, with a detailed library of supporting documents describing the exposed interfaces and service descriptors. - Integration as a Service (IaaS) providing customer-specific developments for integrations to legacy systems, agreed through Statement of Work.
API documentation
Yes
API documentation formats
  • PDF
  • Other
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
JAGGAER ONE S2C portals may be customised in terms of the look and feel. JAGGAER typically performs customisations of each new customer portal in order to satisfy corporate branding requirements. Customisations can include elements such as custom home pages (Buyer and Supplier side users), URL, support pages, logos, and colour schemes. These defined branding requirements remain persistent across the entire service.

JAGGAER ONE S2C also provides 600+ separate backoffice configuration variables for the management of the application behaviours, and enables the customer to manage application textual content and email Alerts.

JAGGAER ONE S2C provides a high degree of application configurability through the front-end User interface, allowing each customer Administrator to manage master data, variables and schemas including Currencies, RoE, UoM, Item master, meta-data fields and Supplier Profile configurations/forms. Furthermore, JAGGAER ONE S2C provides the individual Buying Organisation with control over their local configurations through the ability to directly self-manage:
- Users & Organisation details
- Process Workflows
- Project & Object Templates
- Scorecard & Scoreboard Templates
- Contract Clause Library
- Dashboard Configurations
- Bespoke Filters/Views
- Document Directories
- Reporting DataMart & Analytics Reports

Scaling

Independence of resources
JAGGAER ONE Source-to-Contract is delivered through 3-tier architecture and is designed for extensive use of clustering in all three levels: - Vertical Scalability with the capability to be composed from 1-tier to 3-tier and each tier may scale independently. - Horizontal Scalability with use of Oracle RAC or single user Database, use of multiple web servers (stateless component), use of multiple application servers in cluster configuration. Availability is guaranteed by contractual SLAs: https://www.jaggaer.com/terms-of-service/saas-applications-support-services-terms

Analytics

Service usage metrics
Yes
Metrics types
JAGGAER ONE Source-to-Contract provides real-time reporting of usage metrics in terms of Organisation User accounts, Registered Suppliers and all related Sourcing activities. Integrated Management Reporting provides a full range of MI on RFx/Auctions/Contracts and other activities in multiple dimensions e.g. by event type, activity by Buyer(s), activity by Supplier(s), as well as useful metrics such as invited supplier participation, response ratios and event durations. Additionally, JAGGAER will provide automated Monthly usage reporting via the integrated Data Mart and may provide additional customised reporting and/or Analytics+ Dashboards as required (please refer to Reporting & Analytics in the Service Definition document).
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Comprehensive data export features are provided across all JAGGAER ONE Source-to-Contract modules, such as configurable Search/Filters on lists, Export to Excel, exporting of evaluation scenarios, attachment Mass Downloading on Attachment lists and RFx responses, Contract headers and meta-data, Contract documents, Printable Views, Summary Reporting of RFx, Auctions & Contracts in HTML, PDF, PDF/a, RTF, DOCX, ODIF, ODS, XLSX etc. Further configurable Excel reporting is also available through the reporting Data Mart interface where Users may define reports using a Report Builder, then export reports in MS Excel / CSV. Our Analytics+ solution also provides online Report creation/editing and export tools.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • PDF/a
  • HTML
  • RTF
  • DOCX
  • XLSX
  • ODS
  • CSV
Data import formats
Other
Other data import formats
  • XLSX (via Templates provided within the UI)
  • XLSX (Backoffice processes via Templates provided by JAGGAER)

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
JAGGAER limits the external exposure of core systems through an architecture based on distinct “zones”, managed by a specific set of rules and firewall levels. This configuration and the consistent adoption of Network Address Translation (NAT) ensures that only the systems responsible for delivering the application services are visible and accessible via the public network. Firewalls deployed as part of the solution are placed in full failover mode for high-availability and include IPsec VPN capabilities for connectivity to management networks and for external support access.

Availability and resilience

Guaranteed availability
JAGGAER shall make all JAGGAER SaaS Applications available to the Client for at least ninety-nine and one half percent (99.5%) of the time (determined monthly on a calendar basis), seven (7) days a week, twenty-four (24) hours per day, not including any unavailability that (i) results from JAGGAER maintenance communicated in advance or (ii) results from the poor performance or, of failure of, internet service or other outside service, software or equipment not within the control of JAGGAER (“Service Level Availability”). JAGGAER test and pre-production environments are expressly excluded from this or any other service level commitment.
Approach to resilience
JAGGAER has established an ISO Integrated Management System based on the following international ISO standards, accredited by Intertek: ISO 9001 Quality Management System. ISO27000-1 Information Security Management System (ISMS). ISO20000-1 Service Management System (SMS). ISO27018 JAGGAER Information Security Management System for Personally Identifiable Information (ISMS-PII) in public clouds. ISO22301 Business Continuity Management System (BCMS). ISO 37001 Anti-Bribery Management System. Full ISO documentation available by formal request. JAGGAER has deployed a multi-tier architecture with one level specifically dedicated to “data storage” containing platform data (DBMS) and documents (Files & Attachments). Document transfers to/from upper levels are permitted only through proper application processes. The storage system is based on SAN technology and provides several levels of redundancy: Hard-disks in hot-spare configuration. Complete redundancy of every SAN component. Redundancy for the DBMS server level (cluster nodes) emphasised by the Oracle RAC technology. The entire content of the storage system is both fully and incrementally backed-up on “Near on Line” disks systems. Hence the back-up is available for a complete data recovery against database corruption. The backup is both local and remote (geographically separate secondary datacentre).
Outage reporting
Outage reporting is via email alert to the customer nominated Senior Responsible Officer (SRO). Specific reports are also available, upon request, to document events such as security incidents or unscheduled system unavailability: SIR, Security Incident Report: for security incidents; RCA, Root Cause Analysis: for unscheduled service interruptions. RCA reporting is not available when any service interruption is within contractual Service Levels.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
In accordance with ISO27001, JAGGAER personnel are able to access the solution for management via VPN or LAN. VPN access is restricted via 2-way authentication based on OTP provided via TEXT Passcode sent to the mobile phone of the personnel. LAN access is allowed only for personnel belonging to the ITOps and Client Solutions teams. Access is secured by assigning privileges to a subset of IP addresses, determined using the MAC address of the network card for each persons computer. In addition, access to production environments is only allowed from a single office, with secure access via magnetic badge.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Intertek
ISO/IEC 27001 accreditation date
04/04/2019
What the ISO/IEC 27001 doesn’t cover
The JAGGAER Information Security Management System ISMS is applicable to: Design and provision of JAGGAER Software as a Service and JAGGAER Application Appliance (JAA) solutions for enterprise supply management and spend management processes with related consulting activities and professional services.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • Cyber Essentials
  • Cyber Essentials Plus
  • ISO/IEC 27018:2014 Protection of PII in public clouds
  • ISO 22301:2012 Societal Security
  • ISO 37001:2016 Anti-bribery

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
ISO/IEC 27018:2014 Information technology - Security techniques - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors.
Information security policies and processes
JAGGAER continually enhances the depth and breadth of our security policy in response to constantly evolving application features and technical standards. Over a decade of service delivery has provided JAGGAER with a solid foundation of “real” experience to develop and fine-tune our security policies at the highest levels in the market. We firmly believe that only a balanced combination of policies and technologies could effectively respond to the growing security requirements in delivering our services. The company has invested time and resources to ensure that appropriate policies are implemented, and suitable technologies are in place to deliver the most effective security protocols in the areas of Privacy, Authenticity, Integrity and Non-repudiation. JAGGAER has obtained relevant certifications from independent third parties including leading international providers of services for risk management. Our applications are subject to regular independent penetration testing and review, and have been accredited for use by UK HM Government through the Crown Commercial Services agency and their predecessors. JAGGAER has also obtained the integrated ISO 27001:2013 Information Security, ISO/IEC 22301:2012 Business Continuity, and ISO/IEC 20000-1:2011 Service Management Certifications, which together formally specify a management system to guarantee data security, regulatory compliance and business continuity.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
JAGGAER maintains an ISO20000-1/ISO27001/ISO22301 Integrated System Configuration Management Plan. The Plan encompasses the following JAGGAER requirements: Business requirements (JAGGAER catalogued services). Internal requirements (JAGGAER internal SW and Network components). JAGGAER's Configuration Management Plan is established to ensure that there are sufficient resources and capabilities for both the implementation and maintenance of the evolving CI records. Major areas in scope include: IT infrastructure configuration (Business and Internal). Source Code configuration. Software Platform set-up and configuration. Web Services set-up and configuration.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
All components utilised in the JAGGAER ONE Source-to-Contract architecture are continuously monitored for patches and software updates, especially in the area of security subsystems. Patch notifications impacting any critical areas of the platform’s security architecture are implemented immediately. According to ISO27000-1 requirements ISO policies are in place, to maintain and improve the organisation's ability to face new & complex external threats. An updated list of relevant interest groups is monitored at regular intervals by designated officers in order to handle any possible news related to real and/or potential external threats. A summary of hardening guidelines is available on request.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
In accordance with ISO27001, JAGGAER have established and implemented a real-time analysis of security alerts generated by our network hardware and applications. Real-time monitoring system via 3rd party monitoring software (Paessler PRTG), is used to record, collect and retain data on systems status, availability, connectivity, full network monitoring, SLAs, and DR sites. Alarms are triggered via email and SMS for escalation. JAGGAER ONE Source-to-Contract has an extensive mechanism for tracking platform activities through the use of application logs. JAGGAER also operates a centralised log repository for web servers, application servers, and database servers for problem determination and user action analysis.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
JAGGAER maintains an ISO20000-1/ISO27001/ISO22301 ISMS Incident Management Procedure, and Communication Plan, available on request. Plan scope includes: Detecting an incident; Regular monitoring of an incident; Internal communication within the organisation, receiving, documenting and responding to communication from interested parties; Receiving, documenting and responding to any national or regional risk advisory system; Assuring availability of the means of communication during a disruptive incident; Facilitating structured communication with emergency responders; Recording of vital information about the incident, actions taken and decisions made, plus: Alerting interested parties potentially impacted; Assuring the interoperability of multiple responding organisations and personnel; Operation of a communications facility.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£56,200 an instance a year
Discount for educational organisations
No
Free trial available
No

Service documents