BiP Solutions Ltd

Delta eSourcing

Delta eSourcing allows buying organisations to manage tenders, suppliers and contracts in a single solution.
Securely hosted, UK and EU compliant service.

Modules: Buyer Profile and Portal, Tender Manager, Supplier Manager, Contract Manager, Project and Workspace Manager, Quick Call and eAuctions.

Keywords: E-Sourcing, E-Tendering, Electronic Sourcing, eProcurement, E-Procurement, Electronic Procurement

Features

  • Publish direct to OJEU, Contracts Finder and buyer profile/portal
  • Online PQQ, RFI, RFP, RFT, Tender Box and Auctions
  • Auto-score online questionnaires
  • Register contracts, set reminders, record performance and variance
  • Fully branded Buyer Profile with contract noticeboard
  • Custom portals with alerts, contracts and opportunities notice board
  • Create project workspaces, assign roles and work collaboratively
  • Buyer and supplier helpdesk service
  • Database of more than 120,000 registered suppliers
  • ISO27001/Cyber Essentials accredited hosting, disaster Recovery and Business Continuity

Benefits

  • eSourcing and eTendering Compliant with UK legislation and EU regulations
  • Extensive pool of potential suppliers
  • Find suitable suppliers and invite them to bid
  • Plan and execute complex procurement projects
  • Save time by auto-scoring online questionnaires
  • Online repository of contract and supplier performance information
  • Secure auditable activity log
  • Work collaboratively with other departments and buying organisations
  • Assured confidentiality, integrity and availability
  • Full helpdesk support for buyers and suppliers: email, telephone, live-chat

Pricing

£14,000 a licence a year

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 12

Service ID

3 3 0 1 9 1 1 4 5 4 1 5 6 0 4

Contact

BiP Solutions Ltd Anne McKinnon
Telephone: 0141 270 7090
Email: tenders@bipsolutions.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
Planned maintenance scheduled for low activity periods. Typically Tuesday evening. Maintenance can be rescheduled in case of conflict with a priority procurement event such as Tender Box closing.
System requirements
  • Internet access
  • JavaScript enabled browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
• 99% of emailed enquiries highlighting an issue will be responded to within 24 hours.

• 99% of emailed enquiries highlighting a service improvement request will be acknowledged within 1 business day.

• 99% of emailed enquiries highlighting an improvement wish will be responded to detailing status with regard to development roadmap within to within 14 working days.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
We are undertaking User Experience (UX) testing to ensure all our users have the best experience when using our products and improve the overall accessibility of them. For example, ensures web content is available to disabled (hearing/sight impaired) people.
Onsite support
Yes, at extra cost
Support levels
Buyer and supplier support
Support available to third parties
Yes

Onboarding and offboarding

Getting started
BiP will deliver detailed and comprehensive ‘Train the Trainer’ based training in the use of the system.
While the solution is designed to be intuitive and easily self-learned, formal training in each of the solution modules will be provided for key procurement staff. It is anticipated that training will play a major role during the introduction of the solution and will continue to be important as the scope of the service grows.
BiP have resources dedicated to the planning, production and delivery of training courses. We provide effective training through a variety of different learning methods such as:
• Classroom based workshops
• Training packs
• A training site
• Webinars.
BiP propose that the Trained Trainers will also be the live system’s SuperUser/ Administrators.

The BiP Helpdesk will assist the Administrators in the setting up of an organisation hierarchy and help them onboard other users.

Supplier onboarding is self service and BiP can assist in inviting existing suppliers to onboard.

Data onboarding is available as an additional cost option.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
BiP will support service migration contract end and will afford the new Contractor the same attention, courtesy and professionalism we would expect were the circumstances reversed. A register of all information assets associated with the service is maintained and this will be made available to any incoming contractor.

3 months before contract end, we will meet to:
• agree the strategy, methodology, scope, scale and timeframe
• provide an up-to-date exit plan
• agree the management structure.

We will cooperate in any phase-out/phase-in strategy to ensure service transfer with minimum user impact and to ensure continuity of service. We will provide the Authority with all necessary data and meta data to facilitate migration. In addition, we can provide a sample data set to enable any replacement contractor to carry out test migration prior to service cessation.

We will ensure that timescales are adhered to and relevant data and meta data is transferred. BiP can provide data offload to optical or magnetic media. Alternatively, BiP can arrange FTPS data transfer over the internet.
End-of-contract process
At the end of the contract BiP will:
• Cease service and affect any agreed data transfer but stay on standby if required
• Securely erase data (destroy magnetic/optical media) when requested
BiP will hold a copy of the data until the Authority formally accepts transfer and indicates that the data should be deleted.
BiP can maintain the Authority’s data in the live environment and provide read-only access to it, or archive and securely store the data for a defined period of time. Access to the archived data can be provided on an ad-hoc basis.. Both of these options are available at additional cost.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
No
Service interface
Yes
Description of service interface
The software is developed in line with Service Oriented Architecture methodologies. The software utilises well-defined interfaces using inter-operable modules integrated using XML descriptors and Java Spring’s unique dependency injection process. This provides interoperability and allows the model (data) or service (business logic) layers to be opened to third party systems.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
The service interface is aligned with the standards met across all of our systems.
API
No
Customisation available
Yes
Description of customisation
Delta is a modular solution and users can choose to implement any or all modules. Users can opt for a branded EU compliant Buyer Profile or a deeply branded Buyer Portal. Custom integration can be carried out with back end financial systems. All customisation is carried out through the Change Control process and an Impact Statement determining the effect on time and price will be provided.

Scaling

Independence of resources
Delta has been designed with scalability in mind. BiP operates virtualised servers where individual services operate within a common infrastructure but are logically segregated in discrete service environments. Service components such as user management are also discrete. The service is provided from a VMWare based server cloud with NetApp and RAID storage. Internet access is via dual sourced 100Mbs fibre.

Analytics

Service usage metrics
Yes
Metrics types
The auditable activity log can provide usage reports by individual user and for the whole organisation. BiP can provide bespoke usage reports on request.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
The Management Information menu provides standard reports such as the EU Statistical Return and a Notice Search facility. Authorised users also have the ability to quickly access organisation-wide reports on:
- Asset Count
- Tenderboxes
- PQQ’s
- Notices
- Quick Calls
- Contracts Registered
- Collaborations/Projects.
- Reports are also available on supplier lists:
- Select (e.g. Category) Lists
- Contract Lists
- Quick Calls Lists
- Additional bespoke reports can be created on request.
All reports are exported in XLS format.
Data export formats
  • CSV
  • Other
Other data export formats
  • XLS
  • PDF
  • XML
Data import formats
  • CSV
  • Other
Other data import formats
  • Xls
  • Oracle
  • XML

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Target service availability is 99.9%
Approach to resilience
Each IT asset is suitably protected and can indeed be replaced in the event of loss. Resilience measures include:
• Data infrastructure built around an n+1 architecture
• Regular systematic backups of electronic media
• Testing backup and restoration procedures by restoring from backups at planned intervals
• Replication of paper copy assets (where appropriate).
• Multiple independent distribution paths serving the IT equipment
• Dual-powered IT equipment
• Concurrently maintainable site infrastructure
• Proven high bandwidth resilient internet connectivity (internet connectivity via 100mb/s fibre optic)

BiP operates an IT disaster recovery site located in another part of the UK. Mirroring BiP’s production landscape, the disaster recovery setup includes ESX servers and NetApp equipment in its infrastructure.

A full cold backup is taken of all application data every 24 hours. The web servers and Netapp storage arrays, which use a highly resilient RAID 6 configuration, are also replicated to the offsite disaster recovery facility. Block level differences are taken at real time intervals and sent to the DR facility using Netapp snapshots. This replication is conducted and transferred in real time to ensure no loss of data. Additionally full block level snapshots are scheduled on a 4 hourly basis.
Outage reporting
If a service is unavailable, a holding page will be provided advising users of the outage. User organisations will be alerted by email.

The system is automatically monitored 24/7 with automatic alerts sent to the network monitoring staff as required. At all times the hosted environment will be monitored by our internal and external monitoring system Xymon. For external monitoring, Xymon is installed on an external server to monitor availability of pages.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
All access is denied, except where it is explicitly granted. Each VMware Environment is managed for a dedicated virtual centre server. The system can only be accessed using the secure console. Insecure access methods are disabled and all unnecessary services are disabled. Secure Shell (SSH) access to the root user is blocked to the outside world. Internally, root level access is strictly controlled.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BM Trada
ISO/IEC 27001 accreditation date
3/9/20-16
What the ISO/IEC 27001 doesn’t cover
BiP Solutions has been audited and found to meet the requirements of standardISO/IEC 27001:2013 Information Security Management Systems Requirements.
Scope of certification: The Communication and Dissemination of Public Sector Contract Information and Supportive Materials. The Development of Related Software Applications and Hosting of Client Web Services. Event Organisation, Promotion and Management
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials
Information security policies and processes
The Information Security Management System is the responsibility of the Chief Information Officer, a BiP Board member. BiP’s senior management maintain awareness of relevant regulatory requirements and the information security policy is regularly reviewed to ensure compliance. This includes:
• Ensuring it meets the needs of the interested parties
• Ensuring compliance with ISO 27001, the Data Protection Act and Privacy and Electronic Communications Regulations
• Observing intellectual property rights and copyright to ensure fully recognised and only authorised copies of software are used
• Ensuring that BiP’s IT resources are not used inappropriately
• Enforcing appropriate information security systems and procedures.

As part of the ongoing Information Security Management System, regular internal and external audits are carried out to ensure that each applicable regulation is adhered to consistently. Audits are also carried out to test compliance with relevant Company policies and guidance documents.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
BiP’s Change Control Process is the formal process used to ensure that all requests to change a system are managed in a controlled, coordinated and cost-effective manner.
BiP operates logically separate service environments for Development, Testing and Live. System updates progress through these environments in a controlled manner. After stage testing, changes are deployed to the test environment where rigorous testing is carried out by our dedicated test analysts. Modules are security, stress and regression tested. A formal issue register is maintained and release from test is not permitted until all critical issues are cleared.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
BiP's Network Management team are tasked with ensuring all security threats are assessed for likelihood and impact. Patch assessment prioritises and ensures security critical patches are applied. Patches are normally applied during scheduled maintenance. Severe risks may result in a low-impact unscheduled maintenance window while critical risks may result in immediate suspension of service for application of security patches. All patches/hot-fixes recommended by the equipment/software vendors are installed, even if those services are temporarily or permanently disabled. BiP uses Sophos Endpoint Security to protect the network from viruses and Trojans.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Automated intrusion detection is in place. Abnormal server access is automatically alerted to network staff.
Security incidents are assessed, prioritised and managed in accordance protocols governed by the monitoring, network administration, incident management and other relevant policies. This includes root cause and the application of corrective and preventative actions.
If an incident impacts partner organisations or customers they will be informed of scale and implications.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
BiP confirms that pre-defined processes exist for events such as:
• Virus/malware on a production server
• Compromised account (email, active directory, etc.)
• Stolen property that contains company data – USB stick, phone, laptop.
Once the incident has been identified, the Chief Information Officer is alerted. An Incident Response Form is completed and sent to the Chief Information Officer via email or fax. All incidents must be reported as soon as possible.
If the incident has the potential to impact partner organisations or customers they will be contacted and informed of the scale and implications of the incident.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£14,000 a licence a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Free trial of full Delta eSourcing solution for 2-week period, with module availability tailored to on customer requirements.

Service documents