Tradeshift

Tradeshift BUY Application - Digital Procurement for all copy

An intuitive and simple to use procurement tool whether using catalogues or free text. The system is designed for end users rather than professional procurement users enabling improved adoption within organisations. Our content management tool can be used with 3rd party procurement systems like Oracle and SAP.

Features

  • Buy products and services from anywhere
  • Easy to use content management engine
  • Simple Collaboration with colleagues and suppliers
  • Increased options for buying the right product & service
  • Reduced maverick spend that is out of policy
  • Simple and easy to use for normal buyers & employees
  • Can be used with 3rd party procurement systems
  • Open platform allows for flexibility and futureproofing
  • Product Information Management (PIM)
  • Virtual Card Payments available

Benefits

  • Simple and easy to use drives greater user adoption
  • Can work with existing systems
  • Greater variety, better cost control, more agility for your business
  • Branding available to customise the experience
  • Future proof technology and easy to teach
  • Control Cost, Create Value, Generate Savings, Enable Innovation
  • Broaden Product Scope, Introduce Competition, Collaborate
  • Future Proof, Scalable, Easy to Use

Pricing

£0.01 per transaction

Service documents

Framework

G-Cloud 11

Service ID

491266366954410

Contact

Tradeshift

Simon Butterfield

07500 837 371

simon.butterfield@tradeshift.com

Service scope

Software add-on or extension
Yes
What software services is the service an extension to
Tradeshift Platform and Network
Cloud deployment model
Private cloud
Service constraints
No
System requirements
  • Access to the web
  • Web Browser either on a computer, tablet or Mobile

User support

Email or online ticketing support
Email or online ticketing
Support response times
Depends on SLA.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Via internal chat / messenger type service.
Web chat accessibility testing
N/A.
Onsite support
Yes, at extra cost
Support levels
Tradeshift's online support center at support.tradeshift.com includes a knowledgebase, FAQs, support forums, tutorials and other self-help documentation, enabling our customers and their suppliers to be as self-sufficient as possible. Please see support.tradeshift.com, specifically the Support Forum section of the page, for the FAQ.

All support is included in the SaaS support cost.

A Customer Success Manager is assigned for the lifetime of your contract with Tradeshift to support all escalations, and to conduct quarterly business reviews. The CSM will engage with internal team members to ensure the right resources are engaged to support your business needs.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
With respect to training, we provide a range of programmes to meet the needs of your business, which include, but are not limited to:

  • Customer Site Training
  • Supplier Site Training
  • Webinar Training
  • Video Conference Training

Tradeshift has train-the-trainer materials and can tailor this to meet the needs of your business. We prefer to conduct user training this way, because it is scalable and will better suit the needs of your users.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
This is achieved by raising a support request via our Technical Support Service desk.
End-of-contract process
Tradeshift can provide a standard exit plan for contract termination. This results in data being returned on a medium of your choice. We will agree upon a standard process for service decommission that is mutually agreeable.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Tradeshift is designed with HTML5 and responsive design, and will therefore resize to meet the needs of the device from which it is launched.
Service interface
Yes
Description of service interface
There may be depending on requirements and interfacing.
Accessibility standards
None or don’t know
Description of accessibility
Via a browser.
Accessibility testing
N/A.
API
Yes
What users can and can't do using the API
The Tradeshift API is based on HTTPS, REST, and OAuth. It allows developers to use HTTP PUT/POST/GET/DELETE to access 'resources', such as dispatching documents, creating users, and connecting with other accounts. It is used by both Tradeshift and third-party developers. The full API library can be found at https://api.tradeshift.com/tradeshift/rest/doc
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Our customers may choose to leverage Tradeshift's REST API and create custom applications and jobs to interface with Tradeshift. Each resource of the Tradeshift platform, such as business documents, business network nodes and connections, is exposed as a REST resource. The Tradeshift REST API can be called from a wide variety of client-side languages, including Java, .NET, PHP, Ruby on Rails, and Perl.

A detailed description of the REST resources comprising the API can be found here: http://apps.tradeshift.com/

An important differentiator in Tradeshift is our application framework. We recognise that Tradeshift alone is unable to facilitate all processes that may occur within a business, between parties, and more importantly between organisations. We therefore invite customers, third parties and partners to bring their own expertise and industry experience to all those who register with the Tradeshift Network. Tradeshift has over 50 application partners providing capabilities such as Contract Management, Strategic Sourcing, Order Collaboration, eLogistics, Dynamic Discounting, Timesheets Tracking, Risk Scoring, Supply Chain Finance and many more.

Scaling

Independence of resources
Tradeshift leverages Amazon Web Services for the hosting of the cloud infrastructure. This enables Tradeshift to utilize a network of secure servers and provides for near infinite scalability.

Analytics

Service usage metrics
Yes
Metrics types
Tradeshift has developed a Business Insights application on our network to host a range of Insight Cards, which are being developed to support reporting requirements. Tradeshift Business Insights allows a user to select from a library of existing Insights, which pertain to different parts of the solution, such as Spend, Throughput, Volume and Performance. Spend insights will continue to evolve through 2017.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Tradeshift provides a range of service APIs to extract information in bulk. Users can also download their documents on an individual basis in .PDF or .XML via the service user interface.
Data export formats
  • CSV
  • Other
Other data export formats
  • UBL, OIOUBL, OIOXML, BASDA XML (eBIS)
  • EDIFACT (INVOIC, IFTFCC), TEAPPSXML (Tieto), Finvoice
  • Svefaktura, EHF (Norwegian legislation), e2b (Norwegian)
  • CENBII (PEPPOL), GS1XML (v2.6 + 3.1)
  • Rosettanet (PIP3C3), Nota Fiscal (nfe v2.0), SETU (hr-xml)
  • IDOC (INVOIC02, ORDERS05), TRADACOMS (INVOICE, CREDIT)
  • CEN Cross Industry Invoice (CII), PIDX
  • CXML (Ariba), CSV, X12 (110, 210, 310, 810)
  • OAGIS (v8, v9, v10), xCBL
  • Any to Any
Data import formats
  • CSV
  • Other
Other data import formats
  • UBL, OIOUBL, OIOXML, BASDA XML (eBIS)
  • EDIFACT (INVOIC, IFTFCC), TEAPPSXML (Tieto), Finvoice
  • Svefaktura, EHF (Norwegian legislation), e2b (Norwegian)
  • CENBII (PEPPOL), GS1XML (v2.6 + 3.1)
  • Rosettanet (PIP3C3), Nota Fiscal (nfe v2.0), SETU (hr-xml)
  • IDOC (INVOIC02, ORDERS05), TRADACOMS (INVOICE, CREDIT)
  • CEN Cross Industry Invoice (CII), PIDX
  • CXML (Ariba), CSV, X12 (110, 210, 310, 810)
  • OAGIS (v8, v9, v10), xCBL
  • Any to Any

Data-in-transit protection

Data protection between buyer and supplier networks
Other
Other protection between networks
All transmission of data to and from the Tradeshift network occurs over secured channels, using TLS, HTTPS, SSL, Secure FTP and OAuth for API calls.
Data protection within supplier network
Other
Other protection within supplier network
All transmission of data to and from the Tradeshift network occurs over secured channels, using TLS, HTTPS, SSL, Secure FTP and OAuth for API calls. All data has AES-256 encryption at rest.

Availability and resilience

Guaranteed availability
Tradeshift is designed for uninterrupted availability and the platform availability is monitored at all times. Tradeshift provides a standard application-level SLA, guaranteeing 99.5% availability.

The service availability status and metrics are published in a web dashboard at http://status.tradeshift.com. Users can subscribe to live updates via a variety of channels including email and SMS updates.
Approach to resilience
Tradeshift complies with ISO-27001, SOC I - ISAE-3402 and SOC II rules pertaining to standards a provider must adopt in order to meet the internal controls of a service organization. This states that the 'Infrastructure and platform is designed, implemented and configured to provide resilience'. Tradeshift operates out of multiple, geographically separated, cloud service provider data centers to ensure service can be provided without interruption and all data is mirrored in real-time as part of our Disaster Recovery policy.

Furthermore, we perform full system restoration tests regularly based on the simulation of a complete regional outage, simulating the loss of several physical data centers.

Tradeshift operates from three different Amazon Web Services (AWS) availability zones in Ireland. Therefore, if a data center goes dark, it would be recoverable within the region very easily, as we still have components running in the other two data centers. Documents are kept in three different availability zones across our Riak cluster (Tradeshift has 3x replication within the cluster). Our backups are kept in S3 in the same region with 99.999% durability. The database is primarily located in Ireland with the replicated hot standby in Frankfurt.
Outage reporting
See the real time availability status on status.tradeshift.com

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Tradeshift servers are only accessible remotely via encrypted VPN and SSH. Access is limited to authorized operations personnel only, and all access to the systems is logged. All platform access, whether successful or not, is captured to an audit log that ensures full traceability of all data access and mutation. This includes access attempts to the audit log itself. Every transaction on the Tradeshift platform is monitored, logged, time stamped and archived along with user-specific information. Audit logs are retained for a minimum of 10 years. System event logs are viewable by the operations team.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Kirkpatrick Price
ISO/IEC 27001 accreditation date
31/12/2015
What the ISO/IEC 27001 doesn’t cover
.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • Type II Service Organisation Control Report (ISAE 3402)
  • Type II Service Organisation Control Report (SSAE No. 16)
  • Type II Service Organisation Control Report (SOC 2)
  • Privacy Shield (http://europa.eu/rapid/press-release_IP-16-2461_en.htm)

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
The Tradeshift Chief Information Security Officer and Chief Technology Officer, along with the Senior Director of Platform Operations, co-ordinate security policy against compliance programs.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All platform access, whether successful or not, is captured to an audit log that ensures full traceability of all data access and mutation. This includes access attempts to the audit log itself. For example, user actions on the system are logged, including permission elevation and/or role changes. Also, password resets are logged. Every transaction on the Tradeshift platform is monitored, logged, time stamped and archived along with user specific information. Audit logs are retained for a minimum of 10 years. System event logs are viewable by the operations team.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Annual penetration and application security testing by NCC Group. Weekly vulnerability scans by Acunetix. Weekly internal vulnerability scans via Nessus. We also have an ongoing bug bounty program hosted on HackerOne.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Tradeshift utilizes host-based intrusion detection systems (HIDS) on each host, which alert the security team, who follow up on each alert. We use centralized config management via Puppet to ensure servers are equally hardened everywhere. We also have per-host firewalls and host-based intrusion detection running on all systems. All systems receive automated security updates nightly.

We also monitor for attacks with our HIDS on individual hosts as well as through ongoing system monitoring.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Tradeshift uses an online support and ticketing system where users can open support tickets and track issue statuses. All support cases are handled by internal staff and are assigned a ticket number that can be used for future reference by the customer.

We offer three levels of support:

  • 1st level support handles most support requests
  • 2nd level support handles more technical requests
  • 3rd level support is for critical issues requiring an immediate response

Critical platform incidents are reported automatically to our operations team and an engineer will be working on problem resolution within 10 minutes, 24/7/365.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£0.01 per transaction
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Use of the Platform
Certain free Applications
No period constraints
Link to free trial
www.tradeshift.com
