rfxcel traceability system - rTS

rfxcel’s Traceability System provides supply chain security and serialisation solutions which enable full visibility of the supply chain and enables compliance with government regulations. rTS works with pharmaceutical, produce, food and beverage, and seafood use-cases. rTS includes common features such as auditing, workflow and security.


  • Serialisation Processing
  • Compliance Management
  • Ingredients Traceability
  • EU FMD Compliance
  • Environmental Monitoring
  • Level 4 Serialisation
  • Level 5 Serialisation
  • Blockchain Enabler
  • Real-Time Logistics Monitoring
  • Cold Chain monitoring


  • Communicate regulatory data to the appropriate agency or trading partner.
  • Generate and allocate serial numbers
  • Integrate with partner packaging systems
  • Submit compliance reports to the EMVO
  • Tracking and tracing of ingredients through the supply chain.
  • End-to-end visibility of goods as they progress through supply chain
  • Real time alerts allow immediate intervention to avoid temperature excursions


£14000 per instance per year

  • Education pricing available

Service documents


G-Cloud 11

Service ID

4 7 3 6 6 8 7 6 8 6 2 7 2 0 3



Simon Manley

+44 7799 470021


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to ERP, Level 1-3 Serialisation Solutions
Cloud deployment model Private cloud
Service constraints Rfxcel use private cloud, single tenant architecture.
We use a proven global hosting platform with multi-site hosting capability. All maintenance arrangements are decided and controlled by the end user.
System requirements Internet Browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Rfxcel provides help desk support to customers after the rfxcel solution is deployed to production and the Hyper Care period has ended. Support calls are received by a rfxcel Support resource that is responsible for triaging the issue and works to address the reported problem or question.

Response times are within 1 business day as standard but an improved response time can be purchased.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Onsite support
Support levels GOLD
During business hours
Within 1 business day
Included in the annual subscription

24 x 7
Within 4 hours
Included in annual subscription (higher cost)
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Rfxcel's full-service offerings are provided by rfxcel’s Customer Success organisation which is responsible for implementation and ongoing support after release to production. Our service approach is distinguished by two core attributes:

rfxcel provides full-service implementation and onboarding services for all of our customers. Our goal is to minimise the work effort of our customers so that they can focus on their primary business.

rfxcel provides a seamless end-to-end service experience. We have the most extensive and mature implementation processes in the industry. Our Hyper Care service ensures a smooth transition to production.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction Rfxcel will provide a data extraction for a nominal fee in whichever data format is required.
End-of-contract process At the end of the contract there are no ongoing costs and the service will be unavailable.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Mobile friendly design with the capability to scan using mobile.
Service interface No
Customisation available Yes
Description of customisation There are different views that can be configured within the service that show different sections of the software. User permissions and details can also be customised


Independence of resources Rfxcel provides customers with a private cloud architecture which means the resources of the private cloud server are dedicated to the customer and not shared between users.


Service usage metrics Yes
Metrics types Service reports are provided on request or at agreed intervals. All event metrics are visible within the rTS platform.
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Master Data and individual reports can both be exported either via an EPCIS connection or via exporting to excel, csv, pdf, word, odf
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Gold: System uptime guarantee is 98%, excluding planned downtime.

Platinum: System uptime guarantee is 99.5%, excluding planned downtime.
Approach to resilience Rfxcel's hosted network centres maintain multiple, independent, redundant Internet Service Providers (ISP) to ensure high availability and minimise the risk of lost connections to the rfxcel hosted solution.

To aid failover, the primary Production database on DB server is constantly replicated to the secondary database on the DR server. This replication is 24x7 so the database on DR server is considered ‘near real-time’, as its data is a very close to real-time snapshot of the primary database on DB server. This is a one-way asynchronous replication. This design allows for best performance on the primary servers. Monitoring of the database replication is done, to verify replication is working as intended.

Additional details regarding rfxcel’s disaster recovery procedures is documented in “RFX-40-144 Disaster Recovery Plan Rackspace” and will be provided by rfxcel to customers.
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels RTS provides role-based security that can be allocated to a user. Multiple user-roles can be allocated to a user. If more than one role is assigned to a user, then rTS will grant the most-privilege level of access, e.g. User-Role#1 can access A, B, C and User-Role#2 can access A, C. If a user is assigned to both Roles then the user will have access to A, B, C.
Other Security Features Supported:
• Support SSO and LDAP connectivity
• Support via rIS and rfxchange for all common secure connection and encryption protocols such as SSL/TLS, AS2, HTTPS, SFTP, FTPS
Access restriction testing frequency At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Other
Description of management access authentication Support via rIS and rfxchange for all common secure connection and encryption protocols such as SSL/TLS, AS2, HTTPS, SFTP, FTPS

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 21/10/2009
What the ISO/IEC 27001 doesn’t cover This certification applies to our hosting partner, Rackspace, and covers all infrastructure and security. rfxcel has ISO 9001 certification and is in the process of obtaining ISO 27001.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications ISO9001

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Our security policy is laid out in rfXcel Security Policy document -20-115 and follows the below approval process.

Roy Devadas - VP Operations
Amit Sewak - Director Quality Management

This policy establishes information security requirements for rfXcel to ensure that rfXcel confidential information and technologies are not compromised, and that production services and other rfXcel interests are protected from team activities.

This policy applies to all internally connected development teams, rfXcel employees including our Chennai development center, and any third parties/sub-contractors who access rfXcel’s systems.
The security officer for rfXcel is the Vice President of Operations.

The rfXcel Security Officer is responsible for maintaining this documentation.
rfXcel Management is responsible for approving this procedure.
The rfXcel Security Officer is responsible for collecting and ensuring all documentation is retained, if required.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Configuration of the system is managed through 2 Configuration Specification documents
CS (Config Spec) for the base build
CSA (Config Spec Addendum) for client specific requirements

The purpose of this document is to define the process of the software change control that is to be used during development, operations and maintenance phase of a production computerized system (herein referred to as system) and its associated supporting infrastructure.
This document ensures changes and their impact are understood and agreed upon by affected stakeholders.

Changes are tracked using our RFX-70-04 form and are approved by our Director of Quality Management Amit Sewak.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Our hosting partner maintains an ISO27001 certified internal vulnerability management programme that includes regular vulnerability assessments of the corporate network intended to identify, assess and remediate technical vulnerabilities. In addition, the PCI Merchant program requires quarterly scans of the internal network for vulnerabilities; remediation follows PCI standard guidelines.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Our hosting partner, Rackspace have their data centres and Network Operations Center (NOC) manned 24/7/365.

Numerous monitoring levels are available depending on service level and segment. Rackspace's experienced technicians will automatically take action in your best interest within agreed support procedures.

Please note that the level of alerting and monitoring depends on the service selected.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Rackspace will work on restoring normal service as quickly as possible when a security problem or incident occurs. Rackspace will apply a consistent approach to all incidents, except where a specific approach is agreed upon with you in accordance with your account’s custom runbook. Rackspace is responsible for remediating issues with the customer’s approval. Sometimes approval is completed during the onboarding process (preapproved actions). If remediation falls outside the preapproved actions list, we will seek approval from the customer before leveraging CSOC system administrators or additional Rackspace support teams in order to execute the remediation plan.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Other
Other public sector networks
  • EMVO
  • NMVS


Price £14000 per instance per year
Discount for educational organisations Yes
Free trial available No

Service documents

Return to top ↑