rfxcel traceability system - rTS
rfxcel’s Traceability System provides supply chain security and serialisation solutions which enable full visibility of the supply chain and enables compliance with government regulations. rTS works with pharmaceutical, produce, food and beverage, and seafood use-cases. rTS includes common features such as auditing, workflow and security.
- Serialisation Processing
- Compliance Management
- Ingredients Traceability
- EU FMD Compliance
- Environmental Monitoring
- Level 4 Serialisation
- Level 5 Serialisation
- Blockchain Enabler
- Real-Time Logistics Monitoring
- Cold Chain monitoring
- Communicate regulatory data to the appropriate agency or trading partner.
- Generate and allocate serial numbers
- Integrate with partner packaging systems
- Submit compliance reports to the EMVO
- Tracking and tracing of ingredients through the supply chain.
- End-to-end visibility of goods as they progress through supply chain
- Real time alerts allow immediate intervention to avoid temperature excursions
£14000 per instance per year
- Education pricing available
+44 798 4455333
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||ERP, Level 1-3 Serialisation Solutions|
|Cloud deployment model||Private cloud|
Rfxcel use private cloud, single tenant architecture.
We use a proven global hosting platform with multi-site hosting capability. All maintenance arrangements are decided and controlled by the end user.
|System requirements||Internet Browser|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Rfxcel provides help desk support to customers after the rfxcel solution is deployed to production and the Hyper Care period has ended. Support calls are received by a rfxcel Support resource that is responsible for triaging the issue and works to address the reported problem or question.
Response times are within 1 business day as standard but an improved response time can be purchased.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Onsite support|
During business hours
Within 1 business day
Included in the annual subscription
24 x 7
Within 4 hours
Included in annual subscription (higher cost)
|Support available to third parties||Yes|
Onboarding and offboarding
Rfxcel's full-service offerings are provided by rfxcel’s Customer Success organisation which is responsible for implementation and ongoing support after release to production. Our service approach is distinguished by two core attributes:
rfxcel provides full-service implementation and onboarding services for all of our customers. Our goal is to minimise the work effort of our customers so that they can focus on their primary business.
rfxcel provides a seamless end-to-end service experience. We have the most extensive and mature implementation processes in the industry. Our Hyper Care service ensures a smooth transition to production.
|End-of-contract data extraction||Rfxcel will provide a data extraction for a nominal fee in whichever data format is required.|
|End-of-contract process||At the end of the contract there are no ongoing costs and the service will be unavailable.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Mobile friendly design with the capability to scan using mobile.|
|Description of customisation||There are different views that can be configured within the service that show different sections of the software. User permissions and details can also be customised|
|Independence of resources||Rfxcel provides customers with a private cloud architecture which means the resources of the private cloud server are dedicated to the customer and not shared between users.|
|Service usage metrics||Yes|
|Metrics types||Service reports are provided on request or at agreed intervals. All event metrics are visible within the rTS platform.|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Physical access control, complying with SSAE-16 / ISAE 3402|
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||Master Data and individual reports can both be exported either via an EPCIS connection or via exporting to excel, csv, pdf, word, odf|
|Data export formats||
|Data import formats||
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
Gold: System uptime guarantee is 98%, excluding planned downtime.
Platinum: System uptime guarantee is 99.5%, excluding planned downtime.
|Approach to resilience||
Rfxcel's hosted network centres maintain multiple, independent, redundant Internet Service Providers (ISP) to ensure high availability and minimise the risk of lost connections to the rfxcel hosted solution.
To aid failover, the primary Production database on DB server is constantly replicated to the secondary database on the DR server. This replication is 24x7 so the database on DR server is considered ‘near real-time’, as its data is a very close to real-time snapshot of the primary database on DB server. This is a one-way asynchronous replication. This design allows for best performance on the primary servers. Monitoring of the database replication is done, to verify replication is working as intended.
Additional details regarding rfxcel’s disaster recovery procedures is documented in “RFX-40-144 Disaster Recovery Plan Rackspace” and will be provided by rfxcel to customers.
|Outage reporting||Email alerts|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||
RTS provides role-based security that can be allocated to a user. Multiple user-roles can be allocated to a user. If more than one role is assigned to a user, then rTS will grant the most-privilege level of access, e.g. User-Role#1 can access A, B, C and User-Role#2 can access A, C. If a user is assigned to both Roles then the user will have access to A, B, C.
Other Security Features Supported:
• Support SSO and LDAP connectivity
• Support via rIS and rfxchange for all common secure connection and encryption protocols such as SSL/TLS, AS2, HTTPS, SFTP, FTPS
|Access restriction testing frequency||At least once a year|
|Management access authentication||
|Description of management access authentication||Support via rIS and rfxchange for all common secure connection and encryption protocols such as SSL/TLS, AS2, HTTPS, SFTP, FTPS|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||BSI|
|ISO/IEC 27001 accreditation date||21/10/2009|
|What the ISO/IEC 27001 doesn’t cover||This certification applies to our hosting partner, Rackspace, and covers all infrastructure and security. rfxcel has ISO 9001 certification and is in the process of obtaining ISO 27001.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||ISO9001|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
Our security policy is laid out in rfXcel Security Policy document -20-115 and follows the below approval process.
Roy Devadas - VP Operations
Amit Sewak - Director Quality Management
This policy establishes information security requirements for rfXcel to ensure that rfXcel confidential information and technologies are not compromised, and that production services and other rfXcel interests are protected from team activities.
This policy applies to all internally connected development teams, rfXcel employees including our Chennai development center, and any third parties/sub-contractors who access rfXcel’s systems.
The security officer for rfXcel is the Vice President of Operations.
The rfXcel Security Officer is responsible for maintaining this documentation.
rfXcel Management is responsible for approving this procedure.
The rfXcel Security Officer is responsible for collecting and ensuring all documentation is retained, if required.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
Configuration of the system is managed through 2 Configuration Specification documents
CS (Config Spec) for the base build
CSA (Config Spec Addendum) for client specific requirements
The purpose of this document is to define the process of the software change control that is to be used during development, operations and maintenance phase of a production computerized system (herein referred to as system) and its associated supporting infrastructure.
This document ensures changes and their impact are understood and agreed upon by affected stakeholders.
Changes are tracked using our RFX-70-04 form and are approved by our Director of Quality Management Amit Sewak.
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||Our hosting partner maintains an ISO27001 certified internal vulnerability management programme that includes regular vulnerability assessments of the corporate network intended to identify, assess and remediate technical vulnerabilities. In addition, the PCI Merchant program requires quarterly scans of the internal network for vulnerabilities; remediation follows PCI standard guidelines.|
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
Our hosting partner, Rackspace have their data centres and Network Operations Center (NOC) manned 24/7/365.
Numerous monitoring levels are available depending on service level and segment. Rackspace's experienced technicians will automatically take action in your best interest within agreed support procedures.
Please note that the level of alerting and monitoring depends on the service selected.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||Rackspace will work on restoring normal service as quickly as possible when a security problem or incident occurs. Rackspace will apply a consistent approach to all incidents, except where a specific approach is agreed upon with you in accordance with your account’s custom runbook. Rackspace is responsible for remediating issues with the customer’s approval. Sometimes approval is completed during the onboarding process (preapproved actions). If remediation falls outside the preapproved actions list, we will seek approval from the customer before leveraging CSOC system administrators or additional Rackspace support teams in order to execute the remediation plan.|
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||Yes|
|Other public sector networks||
|Price||£14000 per instance per year|
|Discount for educational organisations||Yes|
|Free trial available||No|