EDICOM CAPITAL

EDICOM

Cloud based EDI, electronic Invoicing, Electronic Purchase Orders,e-VAT compliance, Long Term e-Archiving & digital signature.

Features

  • Real Time Reporting
  • Accredited Peppol Access Point (NHS UK & Europe)
  • Integrated Solution
  • Secure Communications Channels
  • Remote Web Access
  • Outsourced Services
  • Real Time EDI Document Exchange
  • Web Platform Access

Benefits

  • Access your EDI solution from your ERP
  • Access your solution from our web platform
  • Automate the communications with any business partner
  • Fully Tailored solution
  • Capable of reaching any business partner through EDI
  • NHS open Network

Pricing

£35 to £25000 per licence per month

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

2 8 7 0 9 7 0 7 2 3 6 6 1 0 4

Contact

EDICOM CAPITAL

Alex Doogan

+448712770028

adoogan@edicomgroup.com

Service scope

Software add-on or extension
No
Cloud deployment model
Hybrid cloud
Service constraints
No system requirements. Access form any web browser in order to work thoruhg our platform. Tailored solutions for any ERP system.
System requirements
No system requirements. Access form any web browser.

User support

Email or online ticketing support
Email or online ticketing
Support response times
EMAIL SUPPORT. NO TICKETS, every phone call or email will be answered within the contractual defined response times.
Depending on the contracted service. F.e., theres 24x7 support or a Monday to Friday from 8am-5pm customer support service.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
The implementation of any technological solution with EDICOM, will allow you access to our Customer Care Center. It is a customer support center that you can connect through multiple dedicated telephone lines in multiple countries, as well as through our chat service, or email.

Access to C.S.C. is performed with maximum efficiency criterion, minimizing response times, through the demonstrated ability of each and every one of the technicians to resolve issues in real time, without having to refer to other departments.

The customer support service includes the resolution of incidents on all elements in the EDICOM platform needed to provide the service.
EDICOM offers the possibility of remote equipment management (Telemaintenance) at no additional charge, as long as the client enables the appropriate accesses and permits.
EDICOM has three service levels of availability and resolution times, provided to clients in line with their specific needs.
EDICOM resolves to identify the root cause of the problem in order to guarantee that it does not occur again in the future. Within 5 days of the incident EDICOM will produce a report of the corrective and preventative measures taken.
Support available to third parties
No

Onboarding and offboarding

Getting started
We provide online training and user documentation which is available at all time.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
Video
End-of-contract data extraction
There's various options. If it's an integrated version, the data is already stored in their system. If not, they can manually download everything from the web platform, or they can contract consultancy services for Edicom to upload all the information into their system.
End-of-contract process
Theres no extra cost at the end of a contract.

Pricing in the contract includes all charges that will be made: Implementation costs, and monthly or yearly recurring fees. If needed, it is also specified by contract the specific discount table that applies to the cost per document for the implemented solution.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The Web platform can be accessed from mobile devices through the mobile's web browser
Service interface
Yes
Description of service interface
Web browser interface, accessed from any device.
Accessibility standards
None or don’t know
Description of accessibility
Our web interface can be accessed from any web browser, also from IOS and Android. There's text and video content with tutorials on how to use the service in the website. Decoration, Formatting, Invisible: Non-text content is pure decoration, is used only for visual formatting, or is not presented to users, then it is implemented in a way that it can be ignored by assistive technology. *Exception: PDF Generation
Accessibility testing
No testing
API
No
Customisation available
Yes
Description of customisation
They can decide what documents they want to exchange, how they want to receive the data, and what their reports will look like. If they have a web portal, the design can also be customised.
This is all done by Edicom.

Scaling

Independence of resources
Edicom has 2 different high availability servers running simoultaneously, which are currently handling 700.000.000 transactions a year. They are alocated 40 miles away from each other, and are both capable of handling 100% of the workload in case anything were to occur to one of them. Therefore, users are not affected by the demand.

Analytics

Service usage metrics
Yes
Metrics types
Users can all their document information on their dashboard or in a periodic report uppon request, such as number of messages exchanged in a period of time with a specific partner, etc.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
Other data at rest protection approach
Access to the primary data centre (DPC), located in EDICOM Business Centre (EBC), is controlled by an access card. Access by fingerprint is also possible. The access cards required to access the DPC are the same used to access the EBC, although a second level of authorization, assigned to EDICOM employees on a need-to-have basis, is required.
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
It's either automatically exported into their system or they can manualy click on the "export" button which will give them different format options for the download.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • PDF
  • Any prior arranged structured format.
Data import formats
  • CSV
  • Other
Other data import formats
  • IDOC
  • XML
  • TXT
  • EDIFACT
  • Any prior arraganged structured format.

Data-in-transit protection

Data protection between buyer and supplier networks
Private network or public sector network
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network
QSCD
Digital Seals XAdES-LT
Cryptographic hash function SHA-256
ESET NOD32

Availability and resilience

Guaranteed availability
Our platform availability is guaranteed 99,9% of the time by our SLA, included in all our contracts.
If EDICOM does not comply with its SLA, refunds will be decided in each case in particular.
Approach to resilience
Edicom has 2 different servers allocated 40 miles from each other working simultaneously. In case one were to fail, the other is capable of taking 100% of the workload, guaranteeing a 99,9% of the platform's availability.
Outage reporting
Edicom has 2 different servers allocated 40 miles from each other working simultaneously. In case one were to fail, the other is capable of taking 100% of the workload, guaranteeing a 99,9% of the platform's availability.

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
Username and password plus they must have a certificate on their system.
Access restriction testing frequency
At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
No audit information available
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
IQNET + AENOR
ISO/IEC 27001 accreditation date
29/07/2017
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
PEPPOL Acces Point Provider
GDSN Certified V3.1
eIDAS Qualified Trust Service Provider
ASx Server (e-SENS AS4)
ISO 27001 IQNET & AENOR
ISO 20000 IQNET & AENOR
ISAE 3402
TIER II DESIGN
European Certification Authority
Cyber Essentials
OFTP2
ITIL
PMP
PAC, TSA, NOM151 (Mexico)
ONAC (Colombia)
Information security policies and processes
EDICOM has developed an Information Security Policy which states management commitment and sets out EDICOM's approach to managing information security. This policy has been communicated throughout the organization to users in a relevant, accessible and understandable way and is accepted by EDICOM's employees before its incorporation.
All employees’ signs in their contract they will fulfil the EDICOM’s Information Security Policy, and EDICOM hands over them at first training day.

Risks assessment which EDICOM is exposed, as well as its assets, have been developed following its own methodology, considering the requirements of ISO 27001 and ISO 20000.
Once information security risk assessment has been performed, there is a formal and documented acceptance of the risk acceptance criteria.
Those risks which are above the risk acceptance criteria, the organization perform and approve a Risk Treatment Plan (RTP) which collects the performing
actions to minimize risks below the risk acceptance criteria. EDICOM’s Management agrees to provide the necessary resources to set the RTP, according a benefit-cost analysis, it means, the cost of implementing the measure must be lower that the risk which EDICOM is going to treat.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
The objective of the change and release management process is to ensure that changes are formally managed and properly migrated to production in order to minimize the number of change-related incidents and their impact on the service quality.
This process consists of two main subprocesses:
• The change management subprocess, covering the analysis, development and testing of the changes.
• The release management subprocess, covering the migration of the change from the development and test environments to the production environment.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
As a part of the BCP, EDICOM has performed a Business Impact
Analysis (BIA) which has allowed to detect weaknesses or threats, as well as principal processes and systems.
It has been identified availability requirements (Recovery Time Objective –RTO– and Recovery Point Objective –RPO–) for every principal process within BCP scope (Edicom Cloud and trust services).
Once RTO and RPO have been identified, EDICOM has designed different
scenarios where an eventuality or disaster could take place from threats and impacts identified at BIA. Finally, some strategies have been developed to guarantee business continuity in each scenario.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
EDICOM employs specialists in financial, operational and information systems auditing. These audits are conducted using either internal or external resources and are supervised in the first place by the Chief Financial Officer, Chief Technology Officer and Chief Security Officer, respectively.
As a last resort, the Board of Directors is responsible for the inspection of audit findings and for the implementation of action plans in a correct and timely manner.

EDICOM is subject to reviews by internal and external auditors on a periodic basis. These audits are scheduled yearly by the Board of Directors.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
EDICOM has implemented an incident and problem management process to manage incidents and problems that may affect the operational services delivered to its Clients. Where the incident management process is aimed at the restoration of interrupted or reduced services within predefined timeframes, the problem management process focuses on finding root causes for one or more incidents in order to prevent the recurrence of similar incidents in the future.
The major steps in the incident management process are depicted below:
Incident logging
Incident categorization and classification
Incident investigation and diagnosis
Record Error Resolution
Incident review and closure

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • NHS Network (N3)
  • Other
Other public sector networks
  • UK HMRC Making Tax Digital
  • Chorus (France), PGEFe & SII (Spain), SdI (Italy)
  • SAFT (Portugal), SAFT (Poland), SAFT (Norway)
  • RTIR (Hungary) , Digipoort (Netherlands)
  • Peppol Network (all of Europe)

Pricing

Price
£35 to £25000 per licence per month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
For NHS trusts and Public organisations only. Full solution for a defined period of time. Each case is treated individually.

Service documents

Return to top ↑