BiP Solutions Ltd

Delta eSourcing

Delta eSourcing allows buying organisations to manage tenders, suppliers and contracts in a single solution.
Securely hosted, UK and EU compliant service.

Modules: Buyer Profile and Portal, Tender Manager, Supplier Manager, Contract Manager, Project and Workspace Manager, Quick Call and eAuctions.

Keywords: E-Sourcing, E-Tendering, Electronic Sourcing, eProcurement, E-Procurement, Electronic Procurement


  • Publish direct to OJEU, Contracts Finder and buyer profile/portal
  • Online PQQ, RFI, RFP, RFT, Tender Box and Auctions
  • Auto-score online questionnaires
  • Register contracts, set reminders, record performance and variance
  • Fully branded Buyer Profile with contract noticeboard
  • Custom portals with alerts, contracts and opportunities notice board
  • Create project workspaces, assign roles and work collaboratively
  • Buyer and supplier helpdesk service
  • Database of more than 120,000 registered suppliers
  • ISO27001/Cyber Essentials accredited hosting, disaster Recovery and Business Continuity


  • eSourcing and eTendering Compliant with UK legislation and EU regulations
  • Extensive pool of potential suppliers
  • Find suitable suppliers and invite them to bid
  • Plan and execute complex procurement projects
  • Save time by auto-scoring online questionnaires
  • Online repository of contract and supplier performance information
  • Secure auditable activity log
  • Work collaboratively with other departments and buying organisations
  • Assured confidentiality, integrity and availability
  • Full helpdesk support for buyers and suppliers: email, telephone, live-chat


£11900 per licence per year

  • Education pricing available

Service documents


G-Cloud 11

Service ID

4 1 2 6 3 2 5 5 6 9 2 8 3 2 4


BiP Solutions Ltd

Anne McKinnon

0141 270 7090

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Planned maintenance scheduled for low activity periods. Typically Tuesday evening. Maintenance can be rescheduled in case of conflict with a priority procurement event such as Tender Box closing.
System requirements
  • Internet access
  • JavaScript enabled browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times • 99% of emailed enquiries highlighting an issue will be responded to within 24 hours.

• 99% of emailed enquiries highlighting a service improvement request will be acknowledged within 1 business day.

• 99% of emailed enquiries highlighting an improvement wish will be responded to detailing status with regard to development roadmap within to within 14 working days.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.1 AA or EN 301 549
Web chat accessibility testing We are undertaking User Experience (UX) testing to ensure all our users have the best experience when using our products and improve the overall accessibility of them. For example, ensures web content is available to disabled (hearing/sight impaired) people.
Onsite support Yes, at extra cost
Support levels Buyer and supplier support
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started BiP will deliver detailed and comprehensive ‘Train the Trainer’ based training in the use of the system.
While the solution is designed to be intuitive and easily self-learned, formal training in each of the solution modules will be provided for key procurement staff. It is anticipated that training will play a major role during the introduction of the solution and will continue to be important as the scope of the service grows.
BiP have resources dedicated to the planning, production and delivery of training courses. We provide effective training through a variety of different learning methods such as:
• Classroom based workshops
• Training packs
• A training site
• Webinars.
BiP propose that the Trained Trainers will also be the live system’s SuperUser/ Administrators.

The BiP Helpdesk will assist the Administrators in the setting up of an organisation hierarchy and help them onboard other users.

Supplier onboarding is self service and BiP can assist in inviting existing suppliers to onboard.

Data onboarding is available as an additional cost option.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction BiP will support service migration contract end and will afford the new Contractor the same attention, courtesy and professionalism we would expect were the circumstances reversed. A register of all information assets associated with the service is maintained and this will be made available to any incoming contractor.

3 months before contract end, we will meet to:
• agree the strategy, methodology, scope, scale and timeframe
• provide an up-to-date exit plan
• agree the management structure.

We will cooperate in any phase-out/phase-in strategy to ensure service transfer with minimum user impact and to ensure continuity of service. We will provide the Authority with all necessary data and meta data to facilitate migration. In addition, we can provide a sample data set to enable any replacement contractor to carry out test migration prior to service cessation.

We will ensure that timescales are adhered to and relevant data and meta data is transferred. BiP can provide data offload to optical or magnetic media. Alternatively, BiP can arrange FTPS data transfer over the internet.
End-of-contract process At the end of the contract BiP will:
• Cease service and affect any agreed data transfer but stay on standby if required
• Securely erase data (destroy magnetic/optical media) when requested
BiP will hold a copy of the data until the Authority formally accepts transfer and indicates that the data should be deleted.
BiP can maintain the Authority’s data in the live environment and provide read-only access to it, or archive and securely store the data for a defined period of time. Access to the archived data can be provided on an ad-hoc basis.. Both of these options are available at additional cost.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices No
Service interface Yes
Description of service interface The software is developed in line with Service Oriented Architecture methodologies. The software utilises well-defined interfaces using inter-operable modules integrated using XML descriptors and Java Spring’s unique dependency injection process. This provides interoperability and allows the model (data) or service (business logic) layers to be opened to third party systems.
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing The service interface is aligned with the standards met across all of our systems.
Customisation available Yes
Description of customisation Delta is a modular solution and users can choose to implement any or all modules. Users can opt for a branded EU compliant Buyer Profile or a deeply branded Buyer Portal. Custom integration can be carried out with back end financial systems. All customisation is carried out through the Change Control process and an Impact Statement determining the effect on time and price will be provided.


Independence of resources Delta has been designed with scalability in mind. BiP operates virtualised servers where individual services operate within a common infrastructure but are logically segregated in discrete service environments. Service components such as user management are also discrete. The service is provided from a VMWare based server cloud with NetApp and RAID storage. Internet access is via dual sourced 100Mbs fibre.


Service usage metrics Yes
Metrics types The auditable activity log can provide usage reports by individual user and for the whole organisation. BiP can provide bespoke usage reports on request.
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach The Management Information menu provides standard reports such as the EU Statistical Return and a Notice Search facility. Authorised users also have the ability to quickly access organisation-wide reports on:
- Asset Count
- Tenderboxes
- PQQ’s
- Notices
- Quick Calls
- Contracts Registered
- Collaborations/Projects.
- Reports are also available on supplier lists:
- Select (e.g. Category) Lists
- Contract Lists
- Quick Calls Lists
- Additional bespoke reports can be created on request.
All reports are exported in XLS format.
Data export formats
  • CSV
  • Other
Other data export formats
  • XLS
  • PDF
  • XML
Data import formats
  • CSV
  • Other
Other data import formats
  • Xls
  • Oracle
  • XML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Target service availability is 99.9%
Approach to resilience Each IT asset is suitably protected and can indeed be replaced in the event of loss. Resilience measures include:
• Data infrastructure built around an n+1 architecture
• Regular systematic backups of electronic media
• Testing backup and restoration procedures by restoring from backups at planned intervals
• Replication of paper copy assets (where appropriate).
• Multiple independent distribution paths serving the IT equipment
• Dual-powered IT equipment
• Concurrently maintainable site infrastructure
• Proven high bandwidth resilient internet connectivity (internet connectivity via 100mb/s fibre optic)

BiP operates an IT disaster recovery site located in another part of the UK. Mirroring BiP’s production landscape, the disaster recovery setup includes ESX servers and NetApp equipment in its infrastructure.

A full cold backup is taken of all application data every 24 hours. The web servers and Netapp storage arrays, which use a highly resilient RAID 6 configuration, are also replicated to the offsite disaster recovery facility. Block level differences are taken at real time intervals and sent to the DR facility using Netapp snapshots. This replication is conducted and transferred in real time to ensure no loss of data. Additionally full block level snapshots are scheduled on a 4 hourly basis.
Outage reporting If a service is unavailable, a holding page will be provided advising users of the outage. User organisations will be alerted by email.

The system is automatically monitored 24/7 with automatic alerts sent to the network monitoring staff as required. At all times the hosted environment will be monitored by our internal and external monitoring system Xymon. For external monitoring, Xymon is installed on an external server to monitor availability of pages.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels All access is denied, except where it is explicitly granted. Each VMware Environment is managed for a dedicated virtual centre server. The system can only be accessed using the secure console. Insecure access methods are disabled and all unnecessary services are disabled. Secure Shell (SSH) access to the root user is blocked to the outside world. Internally, root level access is strictly controlled.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BM Trada
ISO/IEC 27001 accreditation date 3/9/20-16
What the ISO/IEC 27001 doesn’t cover BiP Solutions has been audited and found to meet the requirements of standardISO/IEC 27001:2013 Information Security Management Systems Requirements.
Scope of certification: The Communication and Dissemination of Public Sector Contract Information and Supportive Materials. The Development of Related Software Applications and Hosting of Client Web Services. Event Organisation, Promotion and Management
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Cyber Essentials
Information security policies and processes The Information Security Management System is the responsibility of the Chief Information Officer, a BiP Board member. BiP’s senior management maintain awareness of relevant regulatory requirements and the information security policy is regularly reviewed to ensure compliance. This includes:
• Ensuring it meets the needs of the interested parties
• Ensuring compliance with ISO 27001, the Data Protection Act and Privacy and Electronic Communications Regulations
• Observing intellectual property rights and copyright to ensure fully recognised and only authorised copies of software are used
• Ensuring that BiP’s IT resources are not used inappropriately
• Enforcing appropriate information security systems and procedures.

As part of the ongoing Information Security Management System, regular internal and external audits are carried out to ensure that each applicable regulation is adhered to consistently. Audits are also carried out to test compliance with relevant Company policies and guidance documents.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach BiP’s Change Control Process is the formal process used to ensure that all requests to change a system are managed in a controlled, coordinated and cost-effective manner.
BiP operates logically separate service environments for Development, Testing and Live. System updates progress through these environments in a controlled manner. After stage testing, changes are deployed to the test environment where rigorous testing is carried out by our dedicated test analysts. Modules are security, stress and regression tested. A formal issue register is maintained and release from test is not permitted until all critical issues are cleared.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach BiP's Network Management team are tasked with ensuring all security threats are assessed for likelihood and impact. Patch assessment prioritises and ensures security critical patches are applied. Patches are normally applied during scheduled maintenance. Severe risks may result in a low-impact unscheduled maintenance window while critical risks may result in immediate suspension of service for application of security patches. All patches/hot-fixes recommended by the equipment/software vendors are installed, even if those services are temporarily or permanently disabled. BiP uses Sophos Endpoint Security to protect the network from viruses and Trojans.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Automated intrusion detection is in place. Abnormal server access is automatically alerted to network staff.
Security incidents are assessed, prioritised and managed in accordance protocols governed by the monitoring, network administration, incident management and other relevant policies. This includes root cause and the application of corrective and preventative actions.
If an incident impacts partner organisations or customers they will be informed of scale and implications.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach BiP confirms that pre-defined processes exist for events such as:
• Virus/malware on a production server
• Compromised account (email, active directory, etc.)
• Stolen property that contains company data – USB stick, phone, laptop.
Once the incident has been identified, the Chief Information Officer is alerted. An Incident Response Form is completed and sent to the Chief Information Officer via email or fax. All incidents must be reported as soon as possible.
If the incident has the potential to impact partner organisations or customers they will be contacted and informed of the scale and implications of the incident.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £11900 per licence per year
Discount for educational organisations Yes
Free trial available No

Service documents

Return to top ↑