Delta eSourcing allows buying organisations to manage tenders, suppliers and contracts in a single solution.
Securely hosted, UK and EU compliant service.
Modules: Buyer Profile and Portal, Tender Manager, Supplier Manager, Contract Manager, Project and Workspace Manager, Quick Call and eAuctions.
Keywords: E-Sourcing, E-Tendering, Electronic Sourcing, eProcurement, E-Procurement, Electronic Procurement
- Publish direct to OJEU, Contracts Finder and buyer profile/portal
- Online PQQ, RFI, RFP, RFT, Tender Box and Auctions
- Auto-score online questionnaires
- Register contracts, set reminders, record performance and variance
- Fully branded Buyer Profile with contract noticeboard
- Custom portals with alerts, contracts and opportunities notice board
- Create project workspaces, assign roles and work collaboratively
- Buyer and supplier helpdesk service
- Database of more than 120,000 registered suppliers
- ISO27001/Cyber Essentials accredited hosting, disaster Recovery and Business Continuity
- eSourcing and eTendering Compliant with UK legislation and EU regulations
- Extensive pool of potential suppliers
- Find suitable suppliers and invite them to bid
- Plan and execute complex procurement projects
- Save time by auto-scoring online questionnaires
- Online repository of contract and supplier performance information
- Secure auditable activity log
- Work collaboratively with other departments and buying organisations
- Assured confidentiality, integrity and availability
- Full helpdesk support for buyers and suppliers: email, telephone, live-chat
£11900 per licence per year
- Education pricing available
4 1 2 6 3 2 5 5 6 9 2 8 3 2 4
BiP Solutions Ltd
0141 270 7090
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Service constraints||Planned maintenance scheduled for low activity periods. Typically Tuesday evening. Maintenance can be rescheduled in case of conflict with a priority procurement event such as Tender Box closing.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
• 99% of emailed enquiries highlighting an issue will be responded to within 24 hours.
• 99% of emailed enquiries highlighting a service improvement request will be acknowledged within 1 business day.
• 99% of emailed enquiries highlighting an improvement wish will be responded to detailing status with regard to development roadmap within to within 14 working days.
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||Web chat|
|Web chat support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support accessibility standard||WCAG 2.1 AA or EN 301 549|
|Web chat accessibility testing||We are undertaking User Experience (UX) testing to ensure all our users have the best experience when using our products and improve the overall accessibility of them. For example, ensures web content is available to disabled (hearing/sight impaired) people.|
|Onsite support||Yes, at extra cost|
|Support levels||Buyer and supplier support|
|Support available to third parties||Yes|
Onboarding and offboarding
BiP will deliver detailed and comprehensive ‘Train the Trainer’ based training in the use of the system.
While the solution is designed to be intuitive and easily self-learned, formal training in each of the solution modules will be provided for key procurement staff. It is anticipated that training will play a major role during the introduction of the solution and will continue to be important as the scope of the service grows.
BiP have resources dedicated to the planning, production and delivery of training courses. We provide effective training through a variety of different learning methods such as:
• Classroom based workshops
• Training packs
• A training site
BiP propose that the Trained Trainers will also be the live system’s SuperUser/ Administrators.
The BiP Helpdesk will assist the Administrators in the setting up of an organisation hierarchy and help them onboard other users.
Supplier onboarding is self service and BiP can assist in inviting existing suppliers to onboard.
Data onboarding is available as an additional cost option.
|End-of-contract data extraction||
BiP will support service migration contract end and will afford the new Contractor the same attention, courtesy and professionalism we would expect were the circumstances reversed. A register of all information assets associated with the service is maintained and this will be made available to any incoming contractor.
3 months before contract end, we will meet to:
• agree the strategy, methodology, scope, scale and timeframe
• provide an up-to-date exit plan
• agree the management structure.
We will cooperate in any phase-out/phase-in strategy to ensure service transfer with minimum user impact and to ensure continuity of service. We will provide the Authority with all necessary data and meta data to facilitate migration. In addition, we can provide a sample data set to enable any replacement contractor to carry out test migration prior to service cessation.
We will ensure that timescales are adhered to and relevant data and meta data is transferred. BiP can provide data offload to optical or magnetic media. Alternatively, BiP can arrange FTPS data transfer over the internet.
At the end of the contract BiP will:
• Cease service and affect any agreed data transfer but stay on standby if required
• Securely erase data (destroy magnetic/optical media) when requested
BiP will hold a copy of the data until the Authority formally accepts transfer and indicates that the data should be deleted.
BiP can maintain the Authority’s data in the live environment and provide read-only access to it, or archive and securely store the data for a defined period of time. Access to the archived data can be provided on an ad-hoc basis.. Both of these options are available at additional cost.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||No|
|Description of service interface||The software is developed in line with Service Oriented Architecture methodologies. The software utilises well-defined interfaces using inter-operable modules integrated using XML descriptors and Java Spring’s unique dependency injection process. This provides interoperability and allows the model (data) or service (business logic) layers to be opened to third party systems.|
|Accessibility standards||WCAG 2.1 AA or EN 301 549|
|Accessibility testing||The service interface is aligned with the standards met across all of our systems.|
|Description of customisation||Delta is a modular solution and users can choose to implement any or all modules. Users can opt for a branded EU compliant Buyer Profile or a deeply branded Buyer Portal. Custom integration can be carried out with back end financial systems. All customisation is carried out through the Change Control process and an Impact Statement determining the effect on time and price will be provided.|
|Independence of resources||Delta has been designed with scalability in mind. BiP operates virtualised servers where individual services operate within a common infrastructure but are logically segregated in discrete service environments. Service components such as user management are also discrete. The service is provided from a VMWare based server cloud with NetApp and RAID storage. Internet access is via dual sourced 100Mbs fibre.|
|Service usage metrics||Yes|
|Metrics types||The auditable activity log can provide usage reports by individual user and for the whole organisation. BiP can provide bespoke usage reports on request.|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||Encryption of all physical media|
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||
The Management Information menu provides standard reports such as the EU Statistical Return and a Notice Search facility. Authorised users also have the ability to quickly access organisation-wide reports on:
- Asset Count
- Quick Calls
- Contracts Registered
- Reports are also available on supplier lists:
- Select (e.g. Category) Lists
- Contract Lists
- Quick Calls Lists
- Additional bespoke reports can be created on request.
All reports are exported in XLS format.
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
|Guaranteed availability||Target service availability is 99.9%|
|Approach to resilience||
Each IT asset is suitably protected and can indeed be replaced in the event of loss. Resilience measures include:
• Data infrastructure built around an n+1 architecture
• Regular systematic backups of electronic media
• Testing backup and restoration procedures by restoring from backups at planned intervals
• Replication of paper copy assets (where appropriate).
• Multiple independent distribution paths serving the IT equipment
• Dual-powered IT equipment
• Concurrently maintainable site infrastructure
• Proven high bandwidth resilient internet connectivity (internet connectivity via 100mb/s fibre optic)
BiP operates an IT disaster recovery site located in another part of the UK. Mirroring BiP’s production landscape, the disaster recovery setup includes ESX servers and NetApp equipment in its infrastructure.
A full cold backup is taken of all application data every 24 hours. The web servers and Netapp storage arrays, which use a highly resilient RAID 6 configuration, are also replicated to the offsite disaster recovery facility. Block level differences are taken at real time intervals and sent to the DR facility using Netapp snapshots. This replication is conducted and transferred in real time to ensure no loss of data. Additionally full block level snapshots are scheduled on a 4 hourly basis.
If a service is unavailable, a holding page will be provided advising users of the outage. User organisations will be alerted by email.
The system is automatically monitored 24/7 with automatic alerts sent to the network monitoring staff as required. At all times the hosted environment will be monitored by our internal and external monitoring system Xymon. For external monitoring, Xymon is installed on an external server to monitor availability of pages.
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||All access is denied, except where it is explicitly granted. Each VMware Environment is managed for a dedicated virtual centre server. The system can only be accessed using the secure console. Insecure access methods are disabled and all unnecessary services are disabled. Secure Shell (SSH) access to the root user is blocked to the outside world. Internally, root level access is strictly controlled.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||BM Trada|
|ISO/IEC 27001 accreditation date||3/9/20-16|
|What the ISO/IEC 27001 doesn’t cover||
BiP Solutions has been audited and found to meet the requirements of standardISO/IEC 27001:2013 Information Security Management Systems Requirements.
Scope of certification: The Communication and Dissemination of Public Sector Contract Information and Supportive Materials. The Development of Related Software Applications and Hosting of Client Web Services. Event Organisation, Promotion and Management
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||
|Other security governance standards||Cyber Essentials|
|Information security policies and processes||
The Information Security Management System is the responsibility of the Chief Information Officer, a BiP Board member. BiP’s senior management maintain awareness of relevant regulatory requirements and the information security policy is regularly reviewed to ensure compliance. This includes:
• Ensuring it meets the needs of the interested parties
• Ensuring compliance with ISO 27001, the Data Protection Act and Privacy and Electronic Communications Regulations
• Observing intellectual property rights and copyright to ensure fully recognised and only authorised copies of software are used
• Ensuring that BiP’s IT resources are not used inappropriately
• Enforcing appropriate information security systems and procedures.
As part of the ongoing Information Security Management System, regular internal and external audits are carried out to ensure that each applicable regulation is adhered to consistently. Audits are also carried out to test compliance with relevant Company policies and guidance documents.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
BiP’s Change Control Process is the formal process used to ensure that all requests to change a system are managed in a controlled, coordinated and cost-effective manner.
BiP operates logically separate service environments for Development, Testing and Live. System updates progress through these environments in a controlled manner. After stage testing, changes are deployed to the test environment where rigorous testing is carried out by our dedicated test analysts. Modules are security, stress and regression tested. A formal issue register is maintained and release from test is not permitted until all critical issues are cleared.
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||BiP's Network Management team are tasked with ensuring all security threats are assessed for likelihood and impact. Patch assessment prioritises and ensures security critical patches are applied. Patches are normally applied during scheduled maintenance. Severe risks may result in a low-impact unscheduled maintenance window while critical risks may result in immediate suspension of service for application of security patches. All patches/hot-fixes recommended by the equipment/software vendors are installed, even if those services are temporarily or permanently disabled. BiP uses Sophos Endpoint Security to protect the network from viruses and Trojans.|
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
Automated intrusion detection is in place. Abnormal server access is automatically alerted to network staff.
Security incidents are assessed, prioritised and managed in accordance protocols governed by the monitoring, network administration, incident management and other relevant policies. This includes root cause and the application of corrective and preventative actions.
If an incident impacts partner organisations or customers they will be informed of scale and implications.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
BiP confirms that pre-defined processes exist for events such as:
• Virus/malware on a production server
• Compromised account (email, active directory, etc.)
• Stolen property that contains company data – USB stick, phone, laptop.
Once the incident has been identified, the Chief Information Officer is alerted. An Incident Response Form is completed and sent to the Chief Information Officer via email or fax. All incidents must be reported as soon as possible.
If the incident has the potential to impact partner organisations or customers they will be contacted and informed of the scale and implications of the incident.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£11900 per licence per year|
|Discount for educational organisations||Yes|
|Free trial available||No|