Zipporah Ltd

Zipporah Merchant - E-Commerce

Zipporah Merchant E-Commerce solution allows users to purchase any products or services that your organisation offers. The system allows users to view and buy multiple products and services offered via a shopping cart. It offers a comprehensive order fulfilment function and provides confirmation of order with a full VAT receipt.

Features

  • Self service improves access, reduces staff intervention
  • Easy management and recording of information
  • Run reports on income / orders for specific products/ locations
  • Workflow purchases of goods and services through the system
  • Create data capture forms for automatic databasing of key information
  • Associates products to business areas to create workflows
  • Coordinates logic questions to relevant users & sets up VAT
  • Manages products, services & accounting codes for reconciliation
  • Additional access channels for staff of varying types / locations
  • Purchase from any device connected to the web, 24/7

Benefits

  • Automation of sales processes reduces staff workloads
  • Delivers a more informed, convenient and efficient service
  • Otherwise complicated rules and considerations handled without staff intervention
  • Reduces missed calls and implementing resources to cover services
  • Transaction costs reduced from tens of pounds to pence

Pricing

£17400 per licence per year

Service documents

G-Cloud 9

462682766946240

Zipporah Ltd

Jonathan or Tristan

02920 647048

gcloud@zipporah.co.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints None
System requirements Internet browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Standard support: Mon-Fri, 09.00 - 17.00 - Enhanced support is available 24/7
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Zipporah support provides first line support telephone and email support is included within service charge for the annual use of the software solutions. This is support is provided Monday to Friday from 09:00 - 17:00. A dedicated support team is provided to support any issues that you might experience. In addition the up-time guarantee for the service is 99.5% based on 24/7/365 days of the year.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Zipporah uses a phased approach to deliver a controlled and logical project roll out to make the process of on-boarding as straightforward as possible. Every project is led by an experienced Zipporah project manager who will co-ordinate a cross functional team within Zipporah and liaise with client side staff. Initially Zipporah will provide a base lined version of the system in order to ensure an understanding of the client's full requirements and how the system delivers these. This will form the basis of meetings between Zipporah and the various business users to identify system changes and configurations needed. These will be confirmed by the client and Zipporah through a clear document for both parties to sign-off. Zipporah provides training for system end users as a 'train the trainer' approach. We provide user guides where each process and function is detailed and explained. The training sessions are a 'hands on' experience with scenarios set for attendees to ensure a full understanding of how to use the system. Zipporah also provide a Product Specialist resource where users can contact us and ask for clarification or advice. We also have FAQs on our website as well as videos showing step by step guides.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Zipporah is able to provide the customer with a complete database in Microsoft CSV, XML or Excel formats as standard. We are also able to offer a number of other formats which would be discussed on a case-by-case basis.
End-of-contract process There are no additional costs at the end of the contract. Zipporah provide customers with it's data in Microsoft formats.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing Zipporah has worked with all of its clients to ensure that its applications are fully compliant with these standards. This includes working with the clients own testing teams to ensure that we meet these standard as a minimum Interface testing has included validation reports for your HTML and CSS for a landing page and a page containing a transactional form. Zipporah utilises validation tools to maintain these standards. In addition the output from the audits panel of Google Chrome’s developer tools are also utilised.
API Yes
What users can and can't do using the API Any API required would be attached to the relevant Zipporah solutions purchased by the client.
API documentation Yes
API documentation formats
  • PDF
  • Other
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The Zipporah solution is a highly configurable and customisable solution that allows the user to control and customise many public facing elements and back office views as desired.

Intuitive tools, provided through the user-interface allows the user the ability to edit emails and page content so that they can create a solution which has their full look and feel.

Users are able to customise a wide-variety of the purchase processes as well as the status and workflow of orders received.

The system also includes the ability for roles to be defined which determines user access. This customisation of roles allows the system administrator to define who has the authority to customise various elements of the system.

Form builders within the module also allow for the customisation of the order process to define what information you want to capture based on what somebody is looking to purchase.

Scaling

Scaling
Independence of resources We supply individual hosting for clients based on their needs or requirements. Clients therefore have their own, dedicated server which ensures no interference with the solution. Clients are able to opt for shared hosting, in which case we isolate every client through the options provided to us via IIS and put upper limits on each individual site.

Analytics

Analytics
Service usage metrics Yes
Metrics types The service metrics we provide are within an array of application specific reporting suites. These reports allow clients to access a wide range of metrics from systems and provide comprehensive and clear information about how the service is functioning.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach There are a number of standard reports that contain all system information - the user is able to export these in a number of Microsoft formats.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • Spreadsheet
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • Spreadsheet

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability The Standard SLA covers: 99.5% monthly network up-time guarantee, 5-hour hardware failure response time Credit allowances for hardware or network failure beyond SLAs 24.7 automated SLA monitoring and notification. On top of this we offer a network guarantee of 99.5% monthly network up-time for our ISP network. In the event of a network fault that takes your server off-line, we will offer a credit allowance.
Approach to resilience Available on request.
Outage reporting Networks are continuously and automatically monitored. Zipporah are immediately informed of any potential problem so that it is normally rectified before your service is affected. If any complications arise, the support team will be in regular contact to update clients of on-going progress and expected resolution time-frames. This service would usually be provided via email.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Identity and authentication controls restrict access through the following mechanisms: Authentication federation, Username and password, Username and strong password/passphrase enforcement.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 CfA
ISO/IEC 27001 accreditation date 22/06/2016
What the ISO/IEC 27001 doesn’t cover Everything is covered by our ISO 27001 accreditation.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes The Zipporah information security policy covers all forms of information security such as data stored on computers, transmitted across networks, printed or written on paper, stored on discs and drives, stored on the Cloud or spoken in conversation or over the telephone. All managers are directly responsible for implementing the Policy within their business areas, and for adherence by their staff. It is the responsibility of each employee to adhere to the policy. Disciplinary processes will be applicable in those instances where staff fail to abide by this or any other Zipporah Ltd security policy. It is the policy of the company to ensure that information will be protected against unauthorised access, that confidentiality of information is assured, that integrity of information is maintained, that regulatory and legislative requirements regarding intellectual property rights, data protection and privacy of personal information are met, that business continuity & disaster recovery plans will be produced, maintained and tested, that staff shall receive sufficient information security training and that all risks are identified, measured, communicated, controlled and where necessary, reduced in magnitude. All breaches of information security, actual or suspected are reported and investigated by the Zipporah Security and Risk Committee.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Zipporah use SVN as our code library which maintains all changes and check-ins performed on Zipporah code, allowing us to compare any check-ins to review what was done. The use of SVN allows us to manage branching of our solutions to maintain versions for specific clients. Zipporah operate a job monitoring system allowing monitoring of support and development jobs. Jobs are matched to check-ins to reference change and reasons for change. In achieving accreditation for ISO27001:2015 we have processes for designing and writing software including security considerations and impacts. This includes stages of peer review for security and pen testing.
Vulnerability management type Undisclosed
Vulnerability management approach We have a Cisco ASA 5516 firewall with Firepower. Windows updates through GFI, deploying Critical updates automatically. We obtain all the cyber threats through firesight management and have also been given a portal to Mi5’s Cyber security.
Protective monitoring type Undisclosed
Protective monitoring approach Our data centre deploys the Cisco Firesight Management Center alongside Cisco 5516x firePOWER IPS, Apps, AMP and URL with Smartnet.
Incident management type Undisclosed
Incident management approach As part of our ISO 27001 and 9001 certifications Zipporah has a complete process to for Non-Conformance Control, Information Security Incidents & Corrective Actions. Any non conformance report can be submitted via telephone or email. Corrective Actions and Actions to Prevent Recurrence are identified and recorded on the NCR. Once complete NCR’s when appropriate are returned to the customer, then filed and reviewed at the Management Review Meeting.

Incidents can be reported through a variety of means whether directly to our support system or via telephone. Equally where we have automated tools this may issue us alerts.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £17400 per licence per year
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑