BravoSolution UK Limited

BravoSolution: BravoAdvantage Source to Pay (S2P)

BravoAdvantage offers a comprehensive Source-to-Pay (S2P) procurement suite: Savings Management, Spend Analysis, Supplier Management (Profiling / Qualification / Classification / Segmentation / Risk / Performance / Development), Sourcing, Contract Management, Procurement / Invoicing (P2P) and supporting Services.
BravoSolution (Bravo) have delivered our hosted/managed service to UK Public Sector since 2005.

Features

  • Web-based, mobile friendly, with rapid service implementation
  • Sourcing (eTendering & eAuctions) including OJEU/Contracts Finder eSender
  • Supplier Profiling, Qualification, Classification, Segmentation, Risk Assessment and Development
  • Contract management, authoring/drafting, approval(s), version control and reporting
  • Programme management, graphical workflows and dashboards
  • Customisable Spend, Savings and KPI reporting
  • Purchase, Catalogue and Invoice management, plus downstream management tools
  • Solution integration with 3rd party systems
  • UK hosted, CCS "OFFICIAL" & ISO 27001 accredited upstream services
  • Manned CTI/CRM helpdesk with audit trail

Benefits

  • True visibility of supplier spend and analytics - anywhere, anytime
  • Drive adoption and compliance with best practice processes
  • Robust resource and initiative planning, forecasting and reporting
  • Supplier onboarding, with custom profiling, qualification & classification
  • Supplier / Vendor management with segmentation, risk, performance and development
  • Compliant advertising, tendering and eAuction support (OJEU & Contracts Finder)
  • Share and evaluate complex bids with disparate stakeholders
  • Define & manage contract processes, authoring/drafting, amendments and reports
  • Manage Purchase to Pay process including Catalogues & Invoices
  • Wide array of application level configurations and customisations

Pricing

£15000 per instance per year

Service documents

G-Cloud 9

297891041926571

BravoSolution UK Limited

Richard Hogg

+44 20 7796 4170

r.hogg@bravosolution.com

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud
Service constraints: BravoAdvantage SaaS applications are delivered through a tried and tested infrastructure that has proven to be highly stable, scalable and secure.
Customers choosing our SaaS solution do not need to invest any resources in additional Hardware/Software or IT staff to install, run, manage or upgrade the software solution.
We have one of the most advanced multi-tenant application delivery capabilities. The organisation is in a position to leverage the true benefits of SaaS while benefitting from the highest standards of service in terms of security, availability and performance, and with no technical capacity constraints on the use of computing resources.
System requirements
  • Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 10
  • Linux, Mac OS X or other versions of Windows
  • Microsoft Internet Explorer 11 (Version 10 is not recommended)
  • Microsoft Edge
  • Google Chrome
  • Mozilla Firefox (ESR) 45+
  • Safari 10 for MacOS
  • JRE Sun 1.8 required for online auction advanced features
  • Minimum screen resolution: 1024 x 768
  • MSM app requires Android 4.0+ or iOS 6.0+

User support

Email or online ticketing support: Email or online ticketing
Support response times: In support of our Source-to-Pay solution, BravoSolution offers standard support for Suppliers, and for all licensed sourcing, procurement, accounts payable and super/admin users, with the possibility to upgrade this service to cover the entire user community.

Times: UK working days from 08:00 to 18:00 UK time excluding Public Holidays (additional times by arrangement)
Support Type: Reactive technical and functional issue resolution associated with the BravoAdvantage solution.
Users: Suppliers and all licensed procurement, accounts payable and super/admin users
Languages: English is our standard support language (other languages available)
Contact Methods: Phone, Email, Call Me Back (initiated by the end-user)
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: Level 1 support is provided as the first entry point for all new cases, from which cases may be escalated to Level 2 and Level 3.

Global Support Service Levels: 24/5 follow-the-sun support is available.

Contractual SLAs for Customer care and Bugfix are provided in our Service Definition document.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Upon activation of the service, customers have the option of administering the service themselves, or using the BravoSolution Help Desk for basic administration tasks depending on the support / delivery options adopted.
Support/training services can be purchased for assistance in the management of the system whilst executing projects.
Where consulting has been purchased, an agreed plan of work will begin with appointment of the lead consultant and, if required, a kick-off day to initiate the project.
The nature of the support required by customers is wide-ranging and varied.
Customers can choose from a set of available training, support and consulting programmes.
Alternatively, BravoSolution can put together a bespoke programme of support to address any specific requirements of the customer.
Many customers choose to use a Kick-start package of training and support to enable them to rapidly adopt and deploy the software.
Where the nature of the project is such that the built-in templates are not appropriate, or a customer wishes to outsource the configuration of the software, then bespoke templates can be configured, and/or a package of support can be provided.
Customers can sign up on a project specific or time expiry based licence with a given number of users.
Service documentation: Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • DOCX
  • PPTX
  • XLSX
End-of-contract data extraction: BravoSolution can provide customers with a copy of the negotiation and evaluation activities carried out on their BravoAdvantage instance. The archive copy will contain data entered by users on File Sharing Directories, Projects, RFQs, Auctions, Contracts, Notice Forms, and Supplier registration and classification information, from the time of the Instance release to the date of the request.

The archive is generated by BravoSolution upon receiving a written request from the customer. The means of delivery of the archive will be agreed between BravoSolution and the customer.

The archive contains:
- Specific data relating to negotiations carried out;
- Data related to suppliers’ registration information, classification and qualification, in addition to the information extracted from the Supplier Management module;
- File attachments in their native format, without changes or additions;
- Optionally, the customer can request platform logs to the date of the request.

Alternatively, BravoSolution may provide the customer with continued access to a read-only, IP restricted-access version of the solution that allows the native interrogation and access to the information stored within the solution whilst following the embedded process and application logic.

BravoSolution will provide the same exit / termination approach for both termination for cause and termination for convenience scenarios.
End-of-contract process: Specifically regarding the event of expiry or termination of this contracted service, BravoSolution shall act reasonably and cooperate with any replacement provider and facilitate transfer of all information and/or data.
BravoSolution shall ensure a smooth transition of availability of services and ensure clear definition of responsibilities including continuing to provide services until the agreed transition sign-off point with the provision of an exit contact, plan and deliverable schedule.
The handover activities will either be a one-off data handover or the ongoing consumable restricted audit access to the service as agreed.
All handover activities will be performed within a maximum period to be agreed with the customer.
Any termination or early exit will attract any agreed fees for minimum duration plus notice period. Licences will be available with full access to information until full provision / extract transfer of existing data is provided.

Using the service

Web browser interface: Yes
Supported browsers
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: BravoSolution Mobile Supply Management (MSM) provides customer branded iOS and Android apps for compatible tablets and smartphones, allowing staff to manage important upstream tasks such as approvals, send & receive messages, and check key sourcing activities whilst on the move.

MSM features include:
- Approvals management
- RFI/RFQ visibility
- Contracts visibility
- Secure Message exchange

MSM apps function only in online mode. In order to use the apps, each User requires a valid User account on the BravoAdvantage suite.
Android app requires Android 4.0 or later. iOS app requires iOS 6.0 or later.
Accessibility standards: WCAG 2.0 AA or EN 301 549
Accessibility testing: BravoAdvantage sourcing tools provide high standards of usability and accessibility aligned to W3C WAI: WCAG 2.0 AA level.
BravoSolution can demonstrate a long-term commitment to accessibility through developing our product in accordance with W3C WAI: WCAG guidelines since 2008.
BravoAdvantage has been validated against W3C WAI:WCAG 2.0 AA standard by the Italian Istituto dei Ciechi di Milano.

In terms of specific accessibility features:
BravoAdvantage provides a framework of named anchors in pages allowing the User to navigate within and between pages using only the keyboard if required.
BravoAdvantage is tested for compatibility with assistive technologies such as JAWS for Windows, supporting Users with physical impairments to navigate via alternative means such as Screen Readers and Voice control.
Default fonts and colours may be specified by the customer during the implementation phase through the design of a custom CSS.
BravoAdvantage provides a High Contrast stylesheet as a selectable default option for Users.
Users may also deploy their native web browser functionality to manage their own personal font selections, font scaling and colour requirements.
API: Yes
What users can and can't do using the API: BravoAdvantage Integrations (BAI)
BAI is a secure web-services integration toolkit based on SOAP messages over HTTPS with IP filtering. BAI also includes a library of FTP connectors for external systems that cannot directly use web-services.
Most relevant business integration scenarios are supported by predefined BAI configurations.

Each integration model is defined with specific documentation that includes detailed instructions for the development and test of the client module to be implemented on the customer side.

Currently supported integration models include:
- Authentication Systems (eg SSO from external applications)
- ERP Systems
- Document Archives & Records Management Systems
- Intranet Project/Contract Management Systems
- Supplier Information Databases
- Reporting Systems

BravoSolution are a SAP accredited integration partner with extensive experience in multiple ERP provider integrations.
API documentation: Yes
API documentation formats
  • PDF
  • Other
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: BravoAdvantage portals may be highly customised in terms of the look and feel. BravoSolution typically performs customisations of each new customer portal in order to satisfy corporate branding requirements. Customisations can include elements such as custom home pages (Buyer and Supplier side users), URL, support pages, logos, colour schema, fonts and specific content colouring (e.g. performance KPIs, colouring, graphing etc.) throughout the portal. These defined branding requirements remain persistent across the entire service.

BravoAdvantage also provides 200+ separate backoffice configuration variables for the management of the application behaviours, and enables the customer to manage application textual content and email Alerts.

BravoAdvantage provides a high degree of application configurability through the front-end User interface, allowing each customer Administrator to manage a wide range of master data, variables and schemas including custom meta-data fields and Supplier Profile configurations.

Furthermore, BravoAdvantage provides the individual Buying Organisation with control over their local configurations through the ability to directly self-manage:
- Users & Organisation details
- Process Workflows
- Project & Object Templates
- Scorecard & Scoreboard Templates
- Contract Clause Library
- Dashboard Configurations
- Custom Filters/Views
- Document Directories
- Reporting DataMart

Scaling

Independence of resources: BravoAdvantage Sourcing services are delivered through a 3-tier architecture and are designed for extensive use of clustering in all 3 levels.

Vertical Scalability with the capability to be composed from 1-tier to 3-tier and each tier may scale independently.
Horizontal Scalability with use of Oracle RAC or single user Database, use of multiple web servers (stateless component), use of multiple application servers in cluster configuration (BA specific cluster).

Availability & Response Times are guaranteed by contractual SLAs according to the relevant modules.

Analytics

Service usage metrics: Yes
Metrics types: BravoAdvantage provides real-time reporting of usage metrics in terms of Organisation User accounts, Registered Suppliers and all related Sourcing activities.

Integrated Management Reporting provides a full range of MI on RFx/Auctions/Contracts and other activities in multiple dimensions e.g. by event type, activity by Buyer(s), activity by Supplier(s), as well as useful metrics such as invited supplier participation, response ratios and event durations.

Additionally, BravoSolution will provide automated Monthly usage reporting via the integrated Data Mart and may provide additional customised reporting and/or Analytics Dashboards as required (please refer to Reporting & Analytics in the Service Definition document).
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations: Yes
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: Comprehensive data export features are provided across all modules, such as custom Search/Filters on lists, Export to Excel, exporting of evaluation scenarios, attachment Mass Downloading on Attachment lists and RFx responses, Contract headers and meta-data, Contract documents, Printable Views, Summary Reporting of RFx, Auctions & Contracts in HTML, PDF, PDF/a, RTF, DOCX, ODIF, ODS, XLSX etc.

Further custom Excel reporting is also available through the reporting Data Mart interface where Users may define custom reports using a Report Builder, then export reports in MS Excel.
Data export formats
  • ODF
  • Other
Other data export formats
  • PDF/a
  • HTML
  • RTF
  • DOCX
  • XLSX
  • ODS
Data import formats: Other
Other data import formats
  • XLSX (via Templates provided within the UI)
  • XLSX (Backoffice processes via Templates provided by BravoSolution)

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network: BravoSolution limits the external exposure of core systems through an architecture based on distinct “zones”, managed by a specific set of rules and firewall levels. This configuration and the consistent adoption of Network Address Translation (NAT) ensures that only the systems responsible for delivering the application services are visible and accessible via the public network.

Firewalls deployed as part of the solution are placed in full failover mode for high-availability and include IPsec VPN capabilities for connectivity to management networks and for external support access.

Availability and resilience

Guaranteed availability: BravoAdvantage Platinum SLA for Availability on the Production environment is 99.5% minimum.

The monitoring period excludes any planned maintenance windows.
Service Credits are provided for any non-conformity to SLAs.

Availability, expressed as a percentage, is calculated monthly using the following formula:

AV = { 1 – [ INTC – ( INT1 + INT2 )] / DSC } *100

Where:
AV: Level of availability expressed in %.
INTC: Total outage within the measurement period.
INT1: Time of outage due to system maintenance, update, upgrade and fixes planned or previously communicated to the Customer.
INT2: Time of outage due to events beyond BravoSolution’s reasonable control.
DSC: Total time available during the measurement period.

Measurement is recorded by an automated monitoring system (Paessler PRTG server).
Customers are provided with automated Monthly reporting.

Service Credits are available for identified non-compliance to SLAs.
Approach to resilience: BravoSolution has established an ISO Integrated Management System based on the following international ISO standards, accredited by Intertek:

ISO27000-1 Information Security Management System (ISMS).
ISO20000-1 Service Management System (SMS).
ISO27018 BravoSolution Information Security Management System for Personally Identifiable Information (ISMS-PII) in public clouds.
ISO22301 Business Continuity Management System (BCMS).

Full ISO documentation available by formal request.

BravoSolution has deployed a multi-tier architecture with one level specifically dedicated to “data storage” containing platform data (DBMS) and documents (Files & Attachments). Document transfers to/from upper levels are permitted only through proper application processes.

The storage system is based on SAN technology and provides several levels of redundancy:
Hard-disks in hot-spare configuration.
Complete redundancy of every SAN component.
Redundancy for the DBMS server level (cluster nodes) emphasised by the Oracle RAC technology.

The entire content of the storage system is both fully and incrementally backed-up on “Near on Line” disks systems.
Hence the back-up is available for a complete data recovery against database corruption. The recovery is made through “snapshot” logic and the database can be recovered as it appeared at the end of a particular day in the past.
The backup is both local and remote (geographically separate secondary datacentre).
Outage reporting: Outage reporting is via email alert to the customer nominated Senior Responsible Officer (SRO).
Specific reports are also available, upon request, to document events such as security incidents or unscheduled system unavailability:
SIR, Security Incident Report: for security incidents;
RCA, Root Cause Analysis: for unscheduled service interruptions.
RCA reporting is not available when any service interruption is within contractual Service Levels.

Identity and authentication

User authentication needed: Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels: In accordance with ISO27001, BravoSolution personnel are able to access the solution for management via VPN or LAN.
VPN access is restricted via 2-way authentication based on OTP provided via TEXT Passcode sent to the mobile phone of the personnel.
LAN access is allowed only for personnel belonging to the IT Ops and Client Solutions teams. Access is secured by assigning privileges to a subset of IP addresses, determined using the MAC address of the network card for each person's computer.
In addition, access to production environments is only allowed from a single office, with secure access via magnetic badge.
Access restriction testing frequency: At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Other

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: Intertek
ISO/IEC 27001 accreditation date: 26/03/2016
What the ISO/IEC 27001 doesn’t cover: The scope of the ISO/IEC 27001:2013 certification includes the Information Security Management System (ISMS) supporting the provision of BravoSolution SaaS (Software as a Service) and BravoSolution BAA (BravoAdvantage Appliance) solutions for enterprise supply management processes.
The relevant Statement of Applicability is available on formal request.
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Other security accreditations: Yes
Any other security accreditations
  • Cyber Essentials Plus
  • CCS "OFFICIAL" Accreditation (previously HMG IL3)

Security governance

Named board-level person responsible for service security: Yes
Security governance accreditation: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: BravoSolution continually enhances the depth and breadth of our security policy in response to constantly evolving application features and technical standards.
Over a decade of service delivery has provided BravoSolution with a solid foundation of “real” experience to develop and fine-tune our security policies at the highest levels in the market.
We firmly believe that only a balanced combination of policies and technologies could effectively respond to the growing security requirements in delivering Sourcing services.
The company has invested time and resources to ensure that appropriate policies are implemented, and suitable technologies are in place to deliver the most effective security protocols in the areas of Privacy, Authenticity, Integrity and Non-repudiation.
BravoSolution has obtained relevant certifications from independent third parties including leading international providers of services for risk management.
Our applications are subject to regular independent penetration testing and review, and have been annually accredited for use by UK HM Government since 2005 through the Crown Commercial Services agency and their predecessors.
BravoSolution has also obtained the integrated ISO 27001:2013 Information Security, ISO/IEC 22301:2012 Business Continuity, and ISO/IEC 20000-1:2011 Service Management Certifications, which together formally specify a management system to guarantee data security, regulatory compliance and business continuity.

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: BravoSolution maintains an ISO20000-1/ISO27001/ISO22301 Integrated System Configuration Management Plan.

The Plan encompasses the following BravoSolution requirements:
Business requirements (BravoSolution catalogued services).
Internal requirements (BravoSolution internal SW and Network components).

BravoSolution's Configuration Management Plan is established to ensure that there are sufficient resources and capabilities for both the implementation and maintenance of the evolving CI records.

Major areas in scope include:

IT infrastructure configuration (Business and Internal).
Source Code configuration.
Software Platform set-up and configuration.
Web Services set-up and configuration.

A copy of the Configuration Management Plan is available on formal request.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: All components utilised in BravoSolution’s architecture are continuously monitored for patches and software updates, especially in the area of security subsystems.
Patch notifications impacting any of the critical areas of the platform’s security architecture are implemented immediately.
According to ISO27000-1 requirements, a specific ISO policy is in place to maintain and improve the organisation's ability to face new & complex external threats.
An updated list of relevant interest groups is monitored at regular intervals by designated officers in order to handle any possible news related to real and/or potential external threats.
A summary of hardening guidelines is available on request.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: In accordance with ISO27001, BravoSolution have established and implemented a real-time analysis of security alerts generated by our network hardware and applications.

A real-time monitoring system using leading 3rd party monitoring software (Paessler PRTG) is used to record, collect and retain data on systems status, availability, connectivity, full network monitoring, SLAs, and DR sites. Alarms are triggered via email and SMS for escalation.

BravoAdvantage has an extensive mechanism for tracking platform activities through the use of application logs.

BravoSolution also operates a centralised log repository for web servers, application servers, and database servers for problem determination and user action analysis.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: BravoSolution maintains an ISO20000-1/ISO27001/ISO22301 ISMS Incident Management Procedure, and Communication Plan, available on request.
Plan scope includes:
Detecting an incident;
Regular monitoring of an incident;
Internal communication within the organisation, receiving, documenting and responding to communication from interested parties;
Receiving, documenting and responding to any national or regional risk advisory system;
Assuring availability of the means of communication during a disruptive incident;
Facilitating structured communication with emergency responders;
Recording of vital information about the incident, actions taken and decisions made, plus:
Alerting interested parties potentially impacted;
Assuring the interoperability of multiple responding organisations and personnel;
Operation of a communications facility.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: No

Pricing

Price: £15000 per instance per year
Discount for educational organisations: No
Free trial available: No

Documents

  • Pricing document
  • Skills Framework for the Information Age rate card
  • Service definition document
  • Terms and conditions document