Wax Digital

web3 eSourcing

Wax Digital web3 eSourcing is a highly intuitive, OJEU-compliant platform that drives compliance and best-value in supplier negotiations. web3 gives buyers the ability to optimise strategic sourcing outcomes through the use of eTenders and eAuctions with quick cloud-based deployment, unlimited scalability and a minimal training requirement, providing a rapid ROI.

Features

  • Cloud-based software, accessible via a web browser
  • High security, high availability platform
  • Intuitive user interface in your corporate branding
  • Quarterly software updates and support
  • Internationalisation with 15 languages as standard
  • Multiple currency and time zone support
  • Real-time reporting and analytics
  • Strong user permission controls
  • Project management functionality
  • Optional expert consultance support for complex events

Benefits

  • Rapid deployment with no IT hardware overheads
  • Ease of use delivers significant time and efficiency savings
  • Improvement of budgeting and visibility of expenditure
  • Supports international sourcing activities
  • Improves supplier communication and operational efficiency
  • Reduces supply chain risk
  • Accessible from any mobile device
  • Full auditability provides complete process transparency
  • Best practice enforcement within the project management feature
  • Enhances procurement team knowledge with consultancy support

Pricing

£11670 per unit per year

Service documents

Framework

G-Cloud 11

Service ID

5 6 9 5 8 6 5 2 1 9 6 1 0 3 3

Contact

Wax Digital

Chris Smith

0161 367 8375

Chris.Smith@medius.com

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Web3 eSourcing is part of Wax Digital's web3 integrated Source-to-Pay platform.

The intuitive web3 software is deployed via the cloud in modules or as an entire source-to-pay suite. The platform is developed in-house on a single code base, which ensures web3 delivers a consistency of user experience.
Cloud deployment model Private cloud
Service constraints There are no constraints that buyers should be aware of.
System requirements
  • Adequate internet connection
  • Stable/sufficient bandwidth (128kb/user or greater)
  • ‘Straight’ reliable connection to the internet (no proxies etc.)
  • Access to the recommended internet browsers

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Wax Digital endeavours to respond to and resolve any issues/questions within the target response and resolution times as defined within the attached standard agreement (terms and conditions). The response and resolution times to an issue varies depending on the severity of the issue.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels Wax Digital uses state-of-the-art management processes to log, track and resolve issues, delivering the highest possible levels of accountability, traceability, and visibility. All processes are audited for ISO9001, ISO27001 and Sarbanes-Oxley compliance on an annual basis.

Clients have access to an online support helpdesk tool, which provides the tools to view current service levels; submit new service requests; receive updates on existing requests; and review the entire support history. The helpdesk has full issue resolution, audit and escalation workflow functionality to allow issues to be reported and managed. This facility is available online 24 hours a day, assisting Wax Digital to resolve issues in a timely manner, no matter when or where they occur.

Support charges are included within the annual subscription fee.

Clients also have a dedicated Account Manager, who they meet regularly to review the on-going service delivery, and if any issues are raised these are noted, resolved or escalated at the weekly management meeting. The Account Manager takes an active role in supervising the delivery programmes and is key point of escalation for any issues during and after implementation. They work with clients to identify and put into action any system upgrade, additional functionality or other requirements.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Prior to the go-live phase of a project, Wax Digital operates training packages to transfer skills to the key gateway users of the web3 system. This can encompass the training of end-users in pilot departments, ‘train the trainer’, reporting and KPI training, super user and support training; allowing clients to manage the user interface, workflows, forms, screens, new process models and organisational changes. Training course duration varies per user requirements and will be confirmed during the implementation process.

Following final delivery, a Project Manager will be available onsite for ‘floor walking’ and as a point of contact that can be immediately called upon to explain functionality or generally help users with the system. Training documentation is also provided in the form of online walkthrough user guides, which are contained in the solution itself and can be customised on a client-by-client basis. These guides take the form of a graphical walk-through of all the screens involved in the business process from a user, administrator and operator perspective, with a step-by-step narrative to give the most intuitive, reference resource possible.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction Wax Digital creates backups of all key system data throughout the lifetime of a project as defined by the Service Level Agreement. On termination, Wax Digital will run specific data extracts on the database to put client-specific data into a dataset where it can be saved in an agreed format for delivery.

Exports are ran via a custom SQL Script or a SQL Server Reporting Services report. This would typically contain a mixture of file formats depending on the type of data (e.g. transactional data would usually be in Excel or CSV, whilst contracts would be in PDF format).
End-of-contract process If a client decides not to renew the contract, Wax Digital at 3 months prior to the end of contract term will initiate an Exit Plan. This ensures an orderly migration of data and services to the client or, at the client’s request, a replacement supplier. At the end of the 90 days, the solution will be switched off with the hosting shut down.

Wax Digital will provide an export of data from web3 in an agreed format free of charge on the assumption it takes no longer than one day. Otherwise any additional days will be agreed in advance with clients. On satisfactory completion of the Exit Plan, Wax Digital shall certify that all data and materials belonging to the client have been delivered.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Web3's support for HTML 5.0 standards allows it to be used in the same consistent manner on any HTML-compliant browser on any smartphone/tablet device.
Service interface Yes
Description of service interface A user-friendly interface is common across the web3 application with a standard 'look and feel' that can be branded to a client’s requirements. A .NET GUI generator also ensures that the interface is completely dynamic, with every button and graphic generated on the fly to offer a personalised experience. Wherever possible, information within web3 is pre-populated, defined by the individual user login, to minimise the burden of data entry and reduce any opportunities for error to a minimum. Additionally, the interface is continually enhanced- Wax Digital employs specialist UX consultants and a dedicated design team to drive independent best practices.
Accessibility standards None or don’t know
Description of accessibility Web3 is designed to be highly flexible with easy-to-use functions that are accessible for all users from a variety of backgrounds. The intuitive user interface renders complex processes simple, thereby allowing thousands of users to engage with the system. The system is already in use within the public sector and can be configured to comply with specific standards.

web3 aims to conform to the W3C and Level AA standard. Where the highest standards of accessibility cannot be met for any reason, Wax Digital will provide the information in an accessible format on request.
Accessibility testing If required, Wax Digital can assess the ability to integrate web3 with access technologies such as Jaws, Dragon, Inspiration, OpenBook, Texthelp and ZoomText
API No
Customisation available Yes
Description of customisation For each client, the core solution is configured to their specific requirements. As an experienced software provider, Wax Digital understands that each organisation has its own unique requirements and as such, has designed its modules to be flexible and adaptable to all current/future business objectives and cases.

A high level of personalisation for key areas is also available including dashboards, forms, menu options, favourites etc. with users able to customise their display settings. Customisable dashboards deliver real-time windows on all key system and user activities, whilst powerful reporting facilities provide tailored management information to drive better business decisions. Users are able to delve into the system data at a granular level and create, save and share any number of personalised reports that can be exported.

Scaling

Scaling
Independence of resources Wax Digital's client systems are segregated by single application and database instances. These are managed, backed up and configured as if they were isolated on a stand-alone environment.

Analytics

Analytics
Service usage metrics Yes
Metrics types Web3 supports service metrics through inbuilt analytics and reporting. Dashboards can be used to monitor system usage including the number of active users, the number of logins per day, value of spend associated with each account, and spend by supplier etc.

The online helpdesk also allows clients to self-serve against report requirements on an ad-hoc basis. The inbuilt reporting options make it possible to run both predefined and custom reports and to filter out various snapshots of data, as per client-defined criteria. A Ticket Search allows more than a dozen filter options to be applied against any given query.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Data can be extracted from the database into a dataset where it can be saved and exported in a standard format (e.g. CSV, XML and/or pdf file) for delivery to the user.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • Pdf
  • XML deriviatives
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • XML deriviatives
  • PDF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability The Service Level for availability is that the system will be available 99.5% of all Business Hours and be available 95% at all other times.
Approach to resilience Available on request.
Outage reporting In order to ensure the efficient running of its production environment, Wax Digital reserves the right to use a scheduled and/or emergency maintenance period for the purpose of application upgrades and general system maintenance. Any intention to employ these maintenance windows will be agreed with the Client in advance.

Wherever reasonably possible, Wax Digital will notify the client 7 days prior to the event via email, and schedule outages at a time that will have minimal impact. Wax Digital will present a screen to the user, informing users that the system is unavailable and giving the expected time that the system will become available.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Wax Digital deploys access control mechanisms to protect critical and sensitive information including authorisation, segregation of privileges, and passwords.

The Head of IT Services is responsible for ensuring that both logical and physical access to sensitive information and systems are controlled, and procedures are in place to ensure their protection. Access control rules and rights to applications for each user are clearly stated in the ISO27001 certified, Access Control Policy and Procedures. A table within the policy summarises the roles and responsibilities by job function, for both internally and externally-based systems. All access granted, modified and terminated is recorded.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 The British Assessment Bureau
ISO/IEC 27001 accreditation date 06/10/2015
What the ISO/IEC 27001 doesn’t cover Wax Digital’s Information Security System is certified for the design, development and provision of its eProcurement software and services to internal and external customers and relevant suppliers.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes In support of the commitment to information security and compliance to all laws and regulations, Wax Digital operates an ISO27001 certified Information Security Management System (ISMS) that preserves confidentiality, responsibility, integrity and availability of information across all locations. This overall management structure, enables compliant information security to be embedded into the design of all processes, information systems and controls.

The ISMS is established, implemented and maintained by Wax Digital's senior management team, and reviewed to ensure that it remains appropriate to the purpose and context of the organisation. It is also supported by additional topic-specific policies, which further mandate the implementation of information security controls that are structured to address the needs of defined laws, regulations, target topics and/or groups. These policies are available upon request.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Any minor enhancements or changes deemed by Wax Digital to constitute a Change Request will trigger formal pricing/delivery proposal mechanisms according to a formal ISO27001 certified, Change Control and Management Policy. Change requests are logged via the helpdesk as per issues and escalated to the commercial contact for pricing and further discussion.

Changes are tested thoroughly and applied to a User Acceptance Testing environment for sign off by the client. The changes are then be rolled to the live platform.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Wax Digital has robust mechanisms in place for vulnerability and patch management. All application, system and network device vulnerabilities are assessed, and all security patches are applied in a timely manner following a risk-based approach to prioritise the critical patches.

Critical updates are applied weekly, and Service Packs are applied ad hoc or when there is an application requirement. All security patches are automatically downloaded immediately on release and applied on a weekly basis. Should Wax Digital review and see the need for these to be applied immediately, they are.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach The security of Wax Digital's monitoring processes are regularly assessed and audited to ISO27001 standards. web3 is constantly monitored internally for emerging vulnerabilities.

The following are monitored as a minimum:
- Hardware resources (CPU, Transaction Volumes, Disk Space, Memory Utilisation, Network Card Throughput etc.)
- ESB routes for failed file transmissions
- Ping results for server response times internet side
- Critical Services
- Backup routines
- Maintenance tasks

Panda Cloud Security is also used for monitoring software usage; unauthorised files or software are automatically investigated and the outcomes are considered for possible disciplinary action, as well as deletion.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Wax Digital has the following regularly reviewed, ISO27001 certified policies to set out how incidents should be managed: Information Security Incident Response and Collection of Evidence Procedure; and Incident Weakness and Event Reporting Procedure. The online helpdesk records all security incidents immediately upon receipt, allocating to each a unique reference and uses these records to ensure that all such reports are analysed and closed out. The Head of IT Services is responsible for coordinating the response to any reported security weakness including informing all interested parties; documenting all emergency steps taken; collecting the evidence; and closing out the event.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks NHS Network (N3)

Pricing

Pricing
Price £11670 per unit per year
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑