Wax Digital web3 eSourcing is a highly intuitive, OJEU-compliant platform that drives compliance and best-value in supplier negotiations. web3 gives buyers the ability to optimise strategic sourcing outcomes through the use of eTenders and eAuctions with quick cloud-based deployment, unlimited scalability and a minimal training requirement, providing a rapid ROI.
- Cloud-based software, accessible via a web browser
- High security, high availability platform
- Intuitive user interface in your corporate branding
- Quarterly software updates and support
- Internationalisation with 15 languages as standard
- Multiple currency and time zone support
- Real-time reporting and analytics
- Strong user permission controls
- Project management functionality
- Optional expert consultance support for complex events
- Rapid deployment with no IT hardware overheads
- Ease of use delivers significant time and efficiency savings
- Improvement of budgeting and visibility of expenditure
- Supports international sourcing activities
- Improves supplier communication and operational efficiency
- Reduces supply chain risk
- Accessible from any mobile device
- Full auditability provides complete process transparency
- Best practice enforcement within the project management feature
- Enhances procurement team knowledge with consultancy support
£11670 per unit per year
5 6 9 5 8 6 5 2 1 9 6 1 0 3 3
0161 367 8375
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||
Web3 eSourcing is part of Wax Digital's web3 integrated Source-to-Pay platform.
The intuitive web3 software is deployed via the cloud in modules or as an entire source-to-pay suite. The platform is developed in-house on a single code base, which ensures web3 delivers a consistency of user experience.
|Cloud deployment model||Private cloud|
|Service constraints||There are no constraints that buyers should be aware of.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Wax Digital endeavours to respond to and resolve any issues/questions within the target response and resolution times as defined within the attached standard agreement (terms and conditions). The response and resolution times to an issue varies depending on the severity of the issue.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Onsite support|
Wax Digital uses state-of-the-art management processes to log, track and resolve issues, delivering the highest possible levels of accountability, traceability, and visibility. All processes are audited for ISO9001, ISO27001 and Sarbanes-Oxley compliance on an annual basis.
Clients have access to an online support helpdesk tool, which provides the tools to view current service levels; submit new service requests; receive updates on existing requests; and review the entire support history. The helpdesk has full issue resolution, audit and escalation workflow functionality to allow issues to be reported and managed. This facility is available online 24 hours a day, assisting Wax Digital to resolve issues in a timely manner, no matter when or where they occur.
Support charges are included within the annual subscription fee.
Clients also have a dedicated Account Manager, who they meet regularly to review the on-going service delivery, and if any issues are raised these are noted, resolved or escalated at the weekly management meeting. The Account Manager takes an active role in supervising the delivery programmes and is key point of escalation for any issues during and after implementation. They work with clients to identify and put into action any system upgrade, additional functionality or other requirements.
|Support available to third parties||No|
Onboarding and offboarding
Prior to the go-live phase of a project, Wax Digital operates training packages to transfer skills to the key gateway users of the web3 system. This can encompass the training of end-users in pilot departments, ‘train the trainer’, reporting and KPI training, super user and support training; allowing clients to manage the user interface, workflows, forms, screens, new process models and organisational changes. Training course duration varies per user requirements and will be confirmed during the implementation process.
Following final delivery, a Project Manager will be available onsite for ‘floor walking’ and as a point of contact that can be immediately called upon to explain functionality or generally help users with the system. Training documentation is also provided in the form of online walkthrough user guides, which are contained in the solution itself and can be customised on a client-by-client basis. These guides take the form of a graphical walk-through of all the screens involved in the business process from a user, administrator and operator perspective, with a step-by-step narrative to give the most intuitive, reference resource possible.
|End-of-contract data extraction||
Wax Digital creates backups of all key system data throughout the lifetime of a project as defined by the Service Level Agreement. On termination, Wax Digital will run specific data extracts on the database to put client-specific data into a dataset where it can be saved in an agreed format for delivery.
Exports are ran via a custom SQL Script or a SQL Server Reporting Services report. This would typically contain a mixture of file formats depending on the type of data (e.g. transactional data would usually be in Excel or CSV, whilst contracts would be in PDF format).
If a client decides not to renew the contract, Wax Digital at 3 months prior to the end of contract term will initiate an Exit Plan. This ensures an orderly migration of data and services to the client or, at the client’s request, a replacement supplier. At the end of the 90 days, the solution will be switched off with the hosting shut down.
Wax Digital will provide an export of data from web3 in an agreed format free of charge on the assumption it takes no longer than one day. Otherwise any additional days will be agreed in advance with clients. On satisfactory completion of the Exit Plan, Wax Digital shall certify that all data and materials belonging to the client have been delivered.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Web3's support for HTML 5.0 standards allows it to be used in the same consistent manner on any HTML-compliant browser on any smartphone/tablet device.|
|Description of service interface||A user-friendly interface is common across the web3 application with a standard 'look and feel' that can be branded to a client’s requirements. A .NET GUI generator also ensures that the interface is completely dynamic, with every button and graphic generated on the fly to offer a personalised experience. Wherever possible, information within web3 is pre-populated, defined by the individual user login, to minimise the burden of data entry and reduce any opportunities for error to a minimum. Additionally, the interface is continually enhanced- Wax Digital employs specialist UX consultants and a dedicated design team to drive independent best practices.|
|Accessibility standards||None or don’t know|
|Description of accessibility||
Web3 is designed to be highly flexible with easy-to-use functions that are accessible for all users from a variety of backgrounds. The intuitive user interface renders complex processes simple, thereby allowing thousands of users to engage with the system. The system is already in use within the public sector and can be configured to comply with specific standards.
web3 aims to conform to the W3C and Level AA standard. Where the highest standards of accessibility cannot be met for any reason, Wax Digital will provide the information in an accessible format on request.
|Accessibility testing||If required, Wax Digital can assess the ability to integrate web3 with access technologies such as Jaws, Dragon, Inspiration, OpenBook, Texthelp and ZoomText|
|Description of customisation||
For each client, the core solution is configured to their specific requirements. As an experienced software provider, Wax Digital understands that each organisation has its own unique requirements and as such, has designed its modules to be flexible and adaptable to all current/future business objectives and cases.
A high level of personalisation for key areas is also available including dashboards, forms, menu options, favourites etc. with users able to customise their display settings. Customisable dashboards deliver real-time windows on all key system and user activities, whilst powerful reporting facilities provide tailored management information to drive better business decisions. Users are able to delve into the system data at a granular level and create, save and share any number of personalised reports that can be exported.
|Independence of resources||Wax Digital's client systems are segregated by single application and database instances. These are managed, backed up and configured as if they were isolated on a stand-alone environment.|
|Service usage metrics||Yes|
Web3 supports service metrics through inbuilt analytics and reporting. Dashboards can be used to monitor system usage including the number of active users, the number of logins per day, value of spend associated with each account, and spend by supplier etc.
The online helpdesk also allows clients to self-serve against report requirements on an ad-hoc basis. The inbuilt reporting options make it possible to run both predefined and custom reports and to filter out various snapshots of data, as per client-defined criteria. A Ticket Search allows more than a dozen filter options to be applied against any given query.
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||Physical access control, complying with another standard|
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||Data can be extracted from the database into a dataset where it can be saved and exported in a standard format (e.g. CSV, XML and/or pdf file) for delivery to the user.|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||The Service Level for availability is that the system will be available 99.5% of all Business Hours and be available 95% at all other times.|
|Approach to resilience||Available on request.|
In order to ensure the efficient running of its production environment, Wax Digital reserves the right to use a scheduled and/or emergency maintenance period for the purpose of application upgrades and general system maintenance. Any intention to employ these maintenance windows will be agreed with the Client in advance.
Wherever reasonably possible, Wax Digital will notify the client 7 days prior to the event via email, and schedule outages at a time that will have minimal impact. Wax Digital will present a screen to the user, informing users that the system is unavailable and giving the expected time that the system will become available.
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||
Wax Digital deploys access control mechanisms to protect critical and sensitive information including authorisation, segregation of privileges, and passwords.
The Head of IT Services is responsible for ensuring that both logical and physical access to sensitive information and systems are controlled, and procedures are in place to ensure their protection. Access control rules and rights to applications for each user are clearly stated in the ISO27001 certified, Access Control Policy and Procedures. A table within the policy summarises the roles and responsibilities by job function, for both internally and externally-based systems. All access granted, modified and terminated is recorded.
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||The British Assessment Bureau|
|ISO/IEC 27001 accreditation date||06/10/2015|
|What the ISO/IEC 27001 doesn’t cover||Wax Digital’s Information Security System is certified for the design, development and provision of its eProcurement software and services to internal and external customers and relevant suppliers.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
In support of the commitment to information security and compliance to all laws and regulations, Wax Digital operates an ISO27001 certified Information Security Management System (ISMS) that preserves confidentiality, responsibility, integrity and availability of information across all locations. This overall management structure, enables compliant information security to be embedded into the design of all processes, information systems and controls.
The ISMS is established, implemented and maintained by Wax Digital's senior management team, and reviewed to ensure that it remains appropriate to the purpose and context of the organisation. It is also supported by additional topic-specific policies, which further mandate the implementation of information security controls that are structured to address the needs of defined laws, regulations, target topics and/or groups. These policies are available upon request.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
Any minor enhancements or changes deemed by Wax Digital to constitute a Change Request will trigger formal pricing/delivery proposal mechanisms according to a formal ISO27001 certified, Change Control and Management Policy. Change requests are logged via the helpdesk as per issues and escalated to the commercial contact for pricing and further discussion.
Changes are tested thoroughly and applied to a User Acceptance Testing environment for sign off by the client. The changes are then be rolled to the live platform.
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
Wax Digital has robust mechanisms in place for vulnerability and patch management. All application, system and network device vulnerabilities are assessed, and all security patches are applied in a timely manner following a risk-based approach to prioritise the critical patches.
Critical updates are applied weekly, and Service Packs are applied ad hoc or when there is an application requirement. All security patches are automatically downloaded immediately on release and applied on a weekly basis. Should Wax Digital review and see the need for these to be applied immediately, they are.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
The security of Wax Digital's monitoring processes are regularly assessed and audited to ISO27001 standards. web3 is constantly monitored internally for emerging vulnerabilities.
The following are monitored as a minimum:
- Hardware resources (CPU, Transaction Volumes, Disk Space, Memory Utilisation, Network Card Throughput etc.)
- ESB routes for failed file transmissions
- Ping results for server response times internet side
- Critical Services
- Backup routines
- Maintenance tasks
Panda Cloud Security is also used for monitoring software usage; unauthorised files or software are automatically investigated and the outcomes are considered for possible disciplinary action, as well as deletion.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||Wax Digital has the following regularly reviewed, ISO27001 certified policies to set out how incidents should be managed: Information Security Incident Response and Collection of Evidence Procedure; and Incident Weakness and Event Reporting Procedure. The online helpdesk records all security incidents immediately upon receipt, allocating to each a unique reference and uses these records to ensure that all such reports are analysed and closed out. The Head of IT Services is responsible for coordinating the response to any reported security weakness including informing all interested parties; documenting all emergency steps taken; collecting the evidence; and closing out the event.|
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||Yes|
|Connected networks||NHS Network (N3)|
|Price||£11670 per unit per year|
|Discount for educational organisations||No|
|Free trial available||No|