Wax Digital

web3 eSourcing

Wax Digital web3 eSourcing is a highly intuitive, OJEU-compliant platform that drives compliance and best-value in supplier negotiations. web3 gives buyers the ability to optimise strategic sourcing outcomes through the use of eTenders and eAuctions with quick cloud-based deployment, unlimited scalability and a minimal training requirement, providing a rapid ROI.


  • Cloud-based software, accessible via a web browser
  • High security, high availability platform
  • Intuitive user interface in your corporate branding
  • Quarterly software updates and support
  • Internationalisation with 15 languages as standard
  • Multiple currency and time zone support
  • Real-time reporting and analytics
  • Strong user permission controls
  • Project management functionality
  • Optional expert consultancy support for complex events


  • Rapid deployment with no IT hardware overheads
  • Ease of use delivers significant time and efficiency savings
  • Improvement of budgeting and visibility of expenditure
  • Supports international sourcing activities
  • Improves supplier communication and operational efficiency
  • Reduces supply chain risk
  • Accessible from any mobile device
  • Full auditability provides complete process transparency
  • Best practice enforcement within the project management feature
  • Enhances procurement team knowledge with consultancy support


£11670 per unit per year

Service documents


G-Cloud 11

Service ID

569586521961033


Wax Digital

Chris Smith

0161 367 8375


Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Web3 eSourcing is part of Wax Digital's web3 integrated Source-to-Pay platform.

The intuitive web3 software is deployed via the cloud in modules or as an entire source-to-pay suite. The platform is developed in-house on a single code base, which ensures web3 delivers a consistency of user experience.
Cloud deployment model
Private cloud
Service constraints
There are no constraints that buyers should be aware of.
System requirements
  • Adequate internet connection
  • Stable/sufficient bandwidth (128kb/user or greater)
  • ‘Straight’ reliable connection to the internet (no proxies etc.)
  • Access to the recommended internet browsers

User support

Email or online ticketing support
Email or online ticketing
Support response times
Wax Digital endeavours to respond to and resolve any issues/questions within the target response and resolution times as defined within the attached standard agreement (terms and conditions). The response and resolution times for an issue vary depending on the severity of the issue.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Onsite support
Support levels
Wax Digital uses state-of-the-art management processes to log, track and resolve issues, delivering the highest possible levels of accountability, traceability, and visibility. All processes are audited for ISO9001, ISO27001 and Sarbanes-Oxley compliance on an annual basis.

Clients have access to an online support helpdesk tool, which provides the tools to view current service levels; submit new service requests; receive updates on existing requests; and review the entire support history. The helpdesk has full issue resolution, audit and escalation workflow functionality to allow issues to be reported and managed. This facility is available online 24 hours a day, assisting Wax Digital to resolve issues in a timely manner, no matter when or where they occur.

Support charges are included within the annual subscription fee.

Clients also have a dedicated Account Manager, whom they meet regularly to review the ongoing service delivery. Any issues raised are noted, resolved or escalated at the weekly management meeting. The Account Manager takes an active role in supervising the delivery programmes and is the key point of escalation for any issues during and after implementation. They work with clients to identify and put into action any system upgrade, additional functionality or other requirements.
Support available to third parties

Onboarding and offboarding

Getting started
Prior to the go-live phase of a project, Wax Digital operates training packages to transfer skills to the key gateway users of the web3 system. This can encompass the training of end-users in pilot departments, ‘train the trainer’, reporting and KPI training, super user and support training; allowing clients to manage the user interface, workflows, forms, screens, new process models and organisational changes. Training course duration varies per user requirements and will be confirmed during the implementation process.

Following final delivery, a Project Manager will be available onsite for ‘floor walking’ and as a point of contact that can be immediately called upon to explain functionality or generally help users with the system. Training documentation is also provided in the form of online walkthrough user guides, which are contained in the solution itself and can be customised on a client-by-client basis. These guides take the form of a graphical walk-through of all the screens involved in the business process from a user, administrator and operator perspective, with a step-by-step narrative to give the most intuitive, reference resource possible.
Service documentation
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
Wax Digital creates backups of all key system data throughout the lifetime of a project as defined by the Service Level Agreement. On termination, Wax Digital will run specific data extracts on the database to put client-specific data into a dataset where it can be saved in an agreed format for delivery.

Exports are run via a custom SQL script or a SQL Server Reporting Services report. The export would typically contain a mixture of file formats depending on the type of data (e.g. transactional data would usually be in Excel or CSV, whilst contracts would be in PDF format).
End-of-contract process
If a client decides not to renew the contract, Wax Digital will initiate an Exit Plan 3 months prior to the end of the contract term. This ensures an orderly migration of data and services to the client or, at the client’s request, a replacement supplier. At the end of the 90 days, the solution will be switched off with the hosting shut down.

Wax Digital will provide an export of data from web3 in an agreed format free of charge on the assumption it takes no longer than one day. Otherwise any additional days will be agreed in advance with clients. On satisfactory completion of the Exit Plan, Wax Digital shall certify that all data and materials belonging to the client have been delivered.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Web3's support for HTML 5.0 standards allows it to be used in the same consistent manner on any HTML-compliant browser on any smartphone/tablet device.
Service interface
Description of service interface
A user-friendly interface is common across the web3 application with a standard 'look and feel' that can be branded to a client’s requirements. A .NET GUI generator also ensures that the interface is completely dynamic, with every button and graphic generated on the fly to offer a personalised experience. Wherever possible, information within web3 is pre-populated, defined by the individual user login, to minimise the burden of data entry and reduce any opportunities for error to a minimum. Additionally, the interface is continually enhanced: Wax Digital employs specialist UX consultants and a dedicated design team to drive independent best practices.
Accessibility standards
None or don’t know
Description of accessibility
Web3 is designed to be highly flexible with easy-to-use functions that are accessible for all users from a variety of backgrounds. The intuitive user interface renders complex processes simple, thereby allowing thousands of users to engage with the system. The system is already in use within the public sector and can be configured to comply with specific standards.

web3 aims to conform to the W3C and Level AA standard. Where the highest standards of accessibility cannot be met for any reason, Wax Digital will provide the information in an accessible format on request.
Accessibility testing
If required, Wax Digital can assess the ability to integrate web3 with access technologies such as Jaws, Dragon, Inspiration, OpenBook, Texthelp and ZoomText.
Customisation available
Description of customisation
For each client, the core solution is configured to their specific requirements. As an experienced software provider, Wax Digital understands that each organisation has its own unique requirements and as such, has designed its modules to be flexible and adaptable to all current/future business objectives and cases.

A high level of personalisation for key areas is also available including dashboards, forms, menu options, favourites etc. with users able to customise their display settings. Customisable dashboards deliver real-time windows on all key system and user activities, whilst powerful reporting facilities provide tailored management information to drive better business decisions. Users are able to delve into the system data at a granular level and create, save and share any number of personalised reports that can be exported.


Independence of resources
Wax Digital's client systems are segregated by single application and database instances. These are managed, backed up and configured as if they were isolated on a stand-alone environment.


Service usage metrics
Metrics types
Web3 supports service metrics through inbuilt analytics and reporting. Dashboards can be used to monitor system usage including the number of active users, the number of logins per day, value of spend associated with each account, and spend by supplier etc.

The online helpdesk also allows clients to self-serve against report requirements on an ad-hoc basis. The inbuilt reporting options make it possible to run both predefined and custom reports and to filter out various snapshots of data, as per client-defined criteria. A Ticket Search allows more than a dozen filter options to be applied against any given query.
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data can be extracted from the database into a dataset where it can be saved and exported in a standard format (e.g. CSV, XML and/or PDF file) for delivery to the user.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • PDF
  • XML derivatives
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • XML derivatives
  • PDF

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The Service Level for availability is that the system will be available 99.5% of all Business Hours and be available 95% at all other times.
Approach to resilience
Available on request.
Outage reporting
In order to ensure the efficient running of its production environment, Wax Digital reserves the right to use a scheduled and/or emergency maintenance period for the purpose of application upgrades and general system maintenance. Any intention to employ these maintenance windows will be agreed with the Client in advance.

Wherever reasonably possible, Wax Digital will notify the client 7 days prior to the event via email, and schedule outages at a time that will have minimal impact. Wax Digital will present a screen to the user, informing users that the system is unavailable and giving the expected time that the system will become available.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Wax Digital deploys access control mechanisms to protect critical and sensitive information including authorisation, segregation of privileges, and passwords.

The Head of IT Services is responsible for ensuring that both logical and physical access to sensitive information and systems are controlled, and that procedures are in place to ensure their protection. Access control rules and rights to applications for each user are clearly stated in the ISO27001-certified Access Control Policy and Procedures. A table within the policy summarises the roles and responsibilities by job function, for both internally and externally-based systems. All access granted, modified and terminated is recorded.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
The British Assessment Bureau
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Wax Digital’s Information Security System is certified for the design, development and provision of its eProcurement software and services to internal and external customers and relevant suppliers.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
In support of the commitment to information security and compliance with all laws and regulations, Wax Digital operates an ISO27001-certified Information Security Management System (ISMS) that preserves confidentiality, responsibility, integrity and availability of information across all locations. This overall management structure enables compliant information security to be embedded into the design of all processes, information systems and controls.

The ISMS is established, implemented and maintained by Wax Digital's senior management team, and reviewed to ensure that it remains appropriate to the purpose and context of the organisation. It is also supported by additional topic-specific policies, which further mandate the implementation of information security controls that are structured to address the needs of defined laws, regulations, target topics and/or groups. These policies are available upon request.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Any minor enhancements or changes deemed by Wax Digital to constitute a Change Request will trigger formal pricing/delivery proposal mechanisms according to a formal ISO27001-certified Change Control and Management Policy. Change requests are logged via the helpdesk in the same way as issues and escalated to the commercial contact for pricing and further discussion.

Changes are tested thoroughly and applied to a User Acceptance Testing environment for sign-off by the client. The changes are then rolled out to the live platform.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Wax Digital has robust mechanisms in place for vulnerability and patch management. All application, system and network device vulnerabilities are assessed, and all security patches are applied in a timely manner following a risk-based approach to prioritise the critical patches.

Critical updates are applied weekly, and Service Packs are applied ad hoc or when there is an application requirement. All security patches are automatically downloaded immediately on release and applied on a weekly basis. Where Wax Digital reviews a patch and sees the need for it to be applied immediately, it is.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
The security of Wax Digital's monitoring processes is regularly assessed and audited to ISO27001 standards. web3 is constantly monitored internally for emerging vulnerabilities.

The following are monitored as a minimum:
- Hardware resources (CPU, Transaction Volumes, Disk Space, Memory Utilisation, Network Card Throughput etc.)
- ESB routes for failed file transmissions
- Ping results for server response times internet side
- Critical Services
- Backup routines
- Maintenance tasks

Panda Cloud Security is also used for monitoring software usage; unauthorised files or software are automatically investigated and the outcomes are considered for possible disciplinary action, as well as deletion.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Wax Digital has the following regularly reviewed, ISO27001-certified policies that set out how incidents should be managed: Information Security Incident Response and Collection of Evidence Procedure; and Incident Weakness and Event Reporting Procedure. The online helpdesk records all security incidents immediately upon receipt, allocates each a unique reference, and uses these records to ensure that all such reports are analysed and closed out. The Head of IT Services is responsible for coordinating the response to any reported security weakness including informing all interested parties; documenting all emergency steps taken; collecting the evidence; and closing out the event.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Connected networks
NHS Network (N3)


£11670 per unit per year
Discount for educational organisations
Free trial available
