Tradeshift

Tradeshift BUY Application - Digital Procurement for all copy

An intuitive and simple to use procurement tool whether using catalogues or free text. The system is designed for end users rather than professional procurement users enabling improved adoption within organisations. Our content management tool can be used with 3rd party procurement systems like Oracle and SAP.

Features

  • Buy products and services from anywhere
  • Easy to use content management engine
  • Simple Collaboration with colleagues and suppliers
  • Increased options for buying the right product & service
  • Reduced maverick spend that is out of policy
  • Simple and easy to use for normal buyers & employees
  • Can be used with 3rd party procurement systems
  • Open platform allows for flexibility and futureproofing
  • Product Information Management (PIM)
  • Virtual Card Payments available

Benefits

  • Simple and easy to use drives greater user adoption
  • Can work with existing systems
  • Greater variety, better cost control, more agility for your business
  • Branding available to customise the experience
  • Future proof technology and easy to teach
  • Control Cost, Create Value, Generate Savings, Enable Innovation
  • Broaden Product Scope, Introduce Competition, Collaborate
  • Future Proof, Scalable, Easy to Use

Pricing

£0.01 per transaction

Service documents

G-Cloud 11

491266366954410

Tradeshift

Simon Butterfield

07500 837 371

simon.butterfield@tradeshift.com

Service scope

Service scope
Software add-on or extension Yes
What software services is the service an extension to Tradeshift Platform and Network
Cloud deployment model Private cloud
Service constraints No
System requirements
  • Access to the web
  • Web Browser either on a computer, tablet or Mobile

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Depends on SLA.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Via internal chat / messenger type service.
Web chat accessibility testing N/A.
Onsite support Yes, at extra cost
Support levels Tradeshift's online support center at support.tradeshift.com includes a knowledgebase, FAQs, support forums, tutorials and other self-help documentation enabling our customers and their suppliers to be as self sufficient as possible. Please see support.tradeshift.com, specifically Support Forum section of page for FAQ.

All support is included in the SaaS support cost.

A Customer Success Manager is assigned for the lifetime of your contract with Tradeshift to support all escalations, and to conduct quarterly business reviews. The CSM will engage with internal team members to ensure the right resources are engaged to support your business needs.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started With respect to training, we do provide a range of programmes to meet the needs of your business which include, but are not limited to;

-Customer Site Training
-Supplier Site Training
-Webinar Training
-Video Conference Training

Tradeshift has train-the-trainer materials and can tailor this to meet the needs of your business. We prefer to conduct user training this way, because it is scalable and will better suit the needs of your users.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction This is achieved via raising a support request via our Technical Support Service desk.
End-of-contract process Tradeshift can provide a standard Exit plan for contract termination. This results in data being returned in a media of your choice. We will agree upon a standard process for service decommission that is mutually agreeable.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Tradeshift is designed with HTML5, and responsive design and will therefore resize to meet the needs of the device from which it is launched.
Accessibility standards None or don’t know
Description of accessibility Via a browser.
Accessibility testing N/A.
API Yes
What users can and can't do using the API The Tradeshift API is based on HTTPS, REST, and OAuth. It allows developers to use HTTP PUT/POST/GET/DELETE to access 'resources', such as dispatching documents, creating users, and connecting with other accounts. It is used by both Tradeshift and third-party developers. The full API library can be found at https://api.tradeshift.com/tradeshift/rest/doc
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Our customers may choose to leverage Tradeshift's REST API and create custom applications and jobs to interface with Tradeshift. Each resource of the Tradeshift platform, such as business documents, business networks nodes and connections, are exposed as REST resources. The Tradeshift REST API can be called from a wide variety of client-side languages, including Java, .NET, PHP, Ruby on Rails, and Perl.

A detailed description of the REST resources comprising the API can be found here: http://apps.tradeshift.com/

An important differentiator in Tradeshift in our application framework. We recognise that Tradeshift alone is unable to facilitate all processes that may occur within a business, between parties, and more importantly between organisations. We therefore invite customers, third-parties and partners to bring their own expertise and industry experience to all those who register with the Tradeshift Network. Tradeshift has over 50 application partners providing capabilities such as Contract Management, Strategic Sourcing, Order Collaboration, eLogistics, Dynamic Discounting, Timesheets Tracking, Risk Scoring, Supply Chain Finance and many more.

Scaling

Scaling
Independence of resources Tradeshift leverages Amazon Web Services for the hosting of the cloud infrastructure. This enables Tradeshift to utilize a network of secure servers and provides for near infinite scalability.

Analytics

Analytics
Service usage metrics Yes
Metrics types Tradeshift has developed a Business Insights application on our network to host a range of Insight Cards, which are being developed to support reporting requirements. Tradeshift Business Insights allows a user to select from a library of existing Insights, which pertain to different parts of the solution, such as Spend, Throughput, Volume and Performance. Spend insights will continue to evolve through 2017.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Tradeshift provides a range of service APIs to extract information in bulk. Users can also download their documents on an individual basis in .PDF or .XML via the service user interface.
Data export formats
  • CSV
  • Other
Other data export formats
  • UBL, OIOUBL, OIOXML, BASDA XML (eBIS),
  • EDIFACT, (INVOIC, IFTFCC), TEAPPSXML (Tieto), Finvoice,
  • Svefaktura, EHF (Norwegian legislation), e2b (Norwegian),
  • CENBII (PEPPOL), GS1XML (v2.6 + 3.1),
  • Rosettanet (PIP3C3), Nota Fiscal (nfe v2.0), SETU (hr-xml),
  • IDOC (INVOIC02, ORDERS05), TRADACOMS (INVOICE, CREDIT),
  • CEN Cross Industry Invoice (CII), PIDX
  • CXML (Ariba), CSV, X12 (110, 210, 310, 810),
  • OAGIS (v8, v9, v10), xCBL,
  • Any to Any
Data import formats
  • CSV
  • Other
Other data import formats
  • UBL, OIOUBL, OIOXML, BASDA XML (eBIS),
  • EDIFACT, (INVOIC, IFTFCC), TEAPPSXML (Tieto), Finvoice,
  • Svefaktura, EHF (Norwegian legislation), e2b (Norwegian),
  • CENBII (PEPPOL), GS1XML (v2.6 + 3.1),
  • Rosettanet (PIP3C3), Nota Fiscal (nfe v2.0), SETU (hr-xml),
  • IDOC (INVOIC02, ORDERS05), TRADACOMS (INVOICE, CREDIT),
  • CEN Cross Industry Invoice (CII), PIDX
  • CXML (Ariba), CSV, X12 (110, 210, 310, 810),
  • OAGIS (v8, v9, v10), xCBL,
  • Any to Any

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Other
Other protection between networks All transmission of data to and from the Tradeshift network occurs over secured channels, using TLS, HTTPS, SSL, Secure FTP and OAuth for API calls.
Data protection within supplier network Other
Other protection within supplier network All transmission of data to and from the Tradeshift network occurs over secured channels, using TLS, HTTPS, SSL, Secure FTP and OAuth for API calls. All data has AES-256 encryption at rest

Availability and resilience

Availability and resilience
Guaranteed availability Tradeshift is designed for uninterrupted availability and the platform availability is monitored at all times. Tradeshift provides a standard application level SLA , guaranteeing 99.5% availability.

The service availability status and metrics are published in a web dashboard at http://status.tradeshift.com. Users can subscribe live updates via a variety of channels including email and SMS updates.
Approach to resilience Tradeshift complies with ISO-27001, SOC I - ISAE-3402 and SOC II rules pertaining to standards a provider must adopt in order to meet the internal controls of a service organization. This states that the 'Infrastructure and platform is designed, implemented and configured to provide resilience'. Tradeshift operates out of multiple, geographically separated, cloud service provider data centers to ensure service can be provided without interruption and all data is mirrored in real-time as part of our Disaster Recovery policy.

Furthermore, we perform full system restoration tests regularly based on the simulation of a complete regional outage, simulating the loss of several physical data centers.

Tradeshift operates from three different Amazon Web Services (AWS) availability zones in Ireland, therefore if a data center goes dark, it would be recoverable within the region very easily as we still have components running in the other two data centers. Documents are kept in three different availability zones across our Riak cluster (Tradeshift has 3x replication within the cluster). Our backups are kept in S3 in the same region with 99.999% durability. The database is primarily located in Ireland with the replicated hot standby in Frankfurt.
Outage reporting See the real time availability status on status.tradeshift.com

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Tradeshift servers are only accessible remotely via encrypted VPN and SSH. Access is limited only to only authorized operations personnel and all access to the systems are logged. All platform access, whether successful or not, is captured to an audit log that ensures full traceability of all data access and mutation. This includes access attempts to the audit log itself. Every transaction on the Tradeshift platform is monitored, logged, time stamped and archived along with user specific information. Audit logs are retained for a minimum of 10 years. System event logs are viewable by the operations team.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Kirkpatrick Price
ISO/IEC 27001 accreditation date 31/12/2015
What the ISO/IEC 27001 doesn’t cover .
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Type II Service Organisation Control Report (ISAE 3402)
  • Type II Service Organisation Control Report (SSAE No. 16)
  • Type II Service Organisation Control Report (SOC 2)
  • Privacy Shield (http://europa.eu/rapid/press-release_IP-16-2461_en.htm)

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Tradeshift Chief Information Security Officer and Chief Technology Officer, along with Senior Directory Platform Operations who co-ordinate security policy against compliance programs.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach All platform access, whether successful or not, is captured to an audit log that ensures full traceability of all data access and mutation. This includes access attempts to the audit log itself. For example, user actions on the system are logged, including permission elevation and/or role changes. Also, password resets are logged. Every transaction on the Tradeshift platform is monitored, logged, time stamped and archived along with user specific information. Audit logs are retained for a minimum of 10 years. System event logs are viewable by the operations team.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Annual penetration and application security testing by NCC Group. Weekly vulnerability scans by Acunetix. Weekly internal vulnerability scans via Nessus. We also have an ongoing bug bounty program hosted on hackerone.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Tradeshift utilizes host based intrusion detection systems on each host and then alert the security team who follows up on each alert. We use centralized config management via Puppet to ensure servers are equally hardened everywhere. We also have per host firewalls and host based intrusion detection running on all systems. All systems receive automated security updates nightly.

We also monitor for attacks with our HIDS on individual hosts as well through ongoing system monitoring.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Tradeshift uses an online support and ticketing system where users can open support tickets and track issue statuses. All support cases are handled by internal staff and are assigned a ticket number that can be used for future reference by the customer.

We offer three levels of support:
1st level support handles most support requests
2nd level support handles more technical requests
3rd level support is for critical issues requiring an immediate response.

Critical platform incidents are reported automatically to our operations team and an engineer will be working on problem resolution within 10 minutes, 24/7/365.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £0.01 per transaction
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Use of the Platform
Certain free Applications
No period constraints
Link to free trial Www.tradeshift.com

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑