We fund suppliers on the basis of public sector purchase orders. Buyers provide approved purchase orders and invoices and recover related costs at zero risk. The service automates the process. We connect suppliers to finance from funders who accept risk. Finance is at lower rates than normal.
- Low cost working capital for suppliers
- Working capital provided at PO stage, not invoice, therefore earlier.
- Purchase Order and Invoice finance.
- Automated processing
- Secure Connectivity
- Open standard technology stack
- Seamless interface to buyer ERP and other purchasing/finance systems
- Easy to set up
- Improved cash flow for all suppliers
- Management of liquidity in supply chain and security of supply
- Local economic benefits from enhanced liquidity
- Improved purchasing/AP processes
- Potential to generate returns for buyers
- Cost reduction throughout process
- Supports SME cash flow and stability
£0 to £0 per user
- Free trial available
Elcom Systems Ltd
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|Service constraints||No technical constraints, but supplier credit checks are required.|
|System requirements||Reasonably up to date Browser|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Support is 24/7/365|
|User can manage status and priority of support tickets||No|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Onsite support|
Support is 09.00 to 17.00 UK working hours. This is standard with no additional cost in the normal case. Response is usually immediate but in any case within 1 working day.
Support is by:
• service desk
Professional Services are as per our rate card, but are not likely to be required with this service.
Further details in Service Definition Document
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||Getting started includes full implementation, including interfaces to finance and legacy systems if required; onsite and remote support 24/7 and onsite training for buyers and suppliers if required.|
|Other documentation formats||MS Word|
|End-of-contract data extraction||If requested, at close of contract, customers may advise the format in which they wish to receive their data and we will normally provide what we have as required, subject to agreement on data ownership between buyers and suppliers.|
|End-of-contract process||Subject to agreement between buyers and suppliers on data ownership, we will normally provide relevant data in standard format. Any requested transformation of the data may be a chargeable professional service.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Full functionality is available on tablets and through standard browsers on mobile phones.|
|Accessibility standards||WCAG 2.0 A|
|Accessibility testing||Our customers test with their internal users depending on individual needs, primarily with desktop set-ups configured for the visually impaired.|
|Independence of resources||Load is monitored and balanced at all times, with redundant server capacity available for peak demand. Server capacity as a whole is provided on the basis of regular reviews of load and trends in user activity.|
|Service usage metrics||Yes|
Multiple metrics including, for example,
-volume of transactions
-value of transactions
-transactions by type
-full audit trail of all activities
-service up time
All by user-defined period
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Other data at rest protection approach||Data at rest is encrypted on a SAN device in the data center|
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||Elcom exports data to users in a specified format, for example into a data warehouse, or through flat file transfer, including SFTP transfer.|
|Data export formats||CSV|
|Data import formats||
|Other data import formats||Direct entry on screen|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
|Guaranteed availability||Please see Service Definition Document for full details of SLAs|
|Approach to resilience||Backup, disaster recovery and resilience plans and measures are in place. Details are available on request.|
Email alerts and/or telephone calls to impacted customers
Further details in Service Definition Document
Identity and authentication
|User authentication needed||Yes|
|User authentication||2-factor authentication|
|Access restrictions in management interfaces and support channels||No one, including Elcom staff, has access to any part of the system without 2-factor authentication. All access is logged and a full audit trail is kept..|
|Access restriction testing frequency||At least once a year|
|Management access authentication||2-factor authentication|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security accreditations||Yes|
|Any other security accreditations||SAS 70 Level II (Data Centre)|
|Named board-level person responsible for service security||Yes|
|Security governance accreditation||No|
|Security governance approach||Our security governance aims for compliance with iso27001:2013|
|Information security policies and processes||
Elcom has a written security policy.
Security roles are defined and allocated to specific individuals. Responsibilities include firewalls and access security as well as the network.
A security incident is 'any breach of security on the Elcom infrastructure which may potentially lead to the disclosure of client data'. Logs are monitored and reviewed and incidents, or potential incidents, are reported and investigated immediately. The team works directly to the VP of IT who is a member of the management team reporting directly to the Chairman and CEO.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
All elements of the service are routinely monitored against emergent security threats and vulnerabilities. This includes potential future releases and features being brought into point releases.
Assessment is by internal review and third-party external quality control testing before changed or new elements are handed over to customers to complete there own testing.
Post go-live, annual penetration tests reconfirm security.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Monitoring and assessment is continuous. Our aim is to deploy patches or counter-measures before potential threats become real.
We work closely with datacentre providers, network managers and industry partners who advise of potential threats as they are identified.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Monitoring and assessment is continuous. Our aim is to mitigate potential compromises before they become real. This includes working with local auditors if requested. We work closely with datacentre providers, network managers and industry partners who advise of potential threats as they are identified.
All potential compromises are dealt with as a matter of urgency, requiring immediate assessment then mitigation as appropriate.
|Incident management type||Supplier-defined controls|
|Incident management approach||
Incident management is agreed with customers at set up. In the normal case, incidents are reported via a named person in the customer organisation to the Elcom service help desk. Usually reports are by email or phone call and logged immediately on the help desk system.
Customers can have access to the system to validate the incident is properly recorded and track progress to resolution.
Reporting is either through the help desk system or, if the customer wishes, separate incident reports for each incident.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||Yes|
|Price||£0 to £0 per user|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||
The full service is free to public sector bodies.
Please see Service Definition Document for full details, including potential rebates for buyers
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|