ARCIVATE LTD

Mi Invoices

Automated invoice processing solution provided in the cloud as a SaaS offering, multi-tenanted in an ISO 27001 & PCI certified data centre, that enables a rapid deployment for clients. Utilises Capture, OCR and Workflow technology fully integrated with Oracle ERP Cloud, E-Business Suite, JDE, PeopleSoft & NetSuite.

Features

  • Multi-format Invoice Capture
  • Real-time Integration with all Oracle ERP's
  • Non-template, intelligent OCR recognition
  • 100+ OCR language support
  • Any language GUI capability
  • Intelligent 3 way Purchase Order Matching
  • Support of Single Sign On (SSO)
  • Support of mobile approval
  • Full audit trail and compliance document
  • Intelligent coding for non-purchase order invoices

Benefits

  • Process 100% of invoices from day 1
  • Intuitive single screen processing of invoice tasks
  • Rapid implementation to maximise ROI
  • Minimal training required
  • Reduction in time and effort to process and approve invoices
  • Intuitive Purchase Order Header level and total receipt matching
  • Interactive supplier communications
  • OCR anomalies handled by Arcivate with feedback button
  • Continuous upgrades and new functionality improvements
  • Fast search, retrieval and view of supplier invoices

Pricing

£0.52 to £1.25 a transaction a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jason.howard@arcivate.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

5 7 7 1 3 3 5 8 6 0 4 1 1 5 6

Contact

ARCIVATE LTD Jason Howard
Telephone: 07730620430
Email: jason.howard@arcivate.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Maintenance Window for Mi Invoices Service
After 6pm and before 6am UK time for any Arcivate required maintenance windows.
Any customer specific updates are run on a per tenancy/environment basis and can be run during standard office hours with agreement from the client.
Mi Invoices supports the latest available browsers.
System requirements
  • Internet connection with industry standard levels
  • Supported Web browser
  • For on-premise ERP's a software agent will be installed
  • At least 1 email address provided by the client

User support

Email or online ticketing support
Email or online ticketing
Support response times
Standard Support is UK Business hours Monday to Friday 9am -5pm.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
The SaaS solution is provided with Standard Support included. Additional costs are dependent on the requirements of the client.
We provide a Customer Account Manager to each Client as there is a central support setup with an escalation to the Development & Support Director.
Support available to third parties
No

Onboarding and offboarding

Getting started
We provide on-site training and a User Guide document. Included in onboarding we provide training prior to testing for all Business Users and a refresher before go-live.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
We facilitate supplying the client all there image files and data back to them on a mutually agreed medium within 30 days of contract conclusion.
End-of-contract process
There is an additional fee of £5k + percentage of the quarterly fee dependent on criteria detailed in the Pricing document. Offboarding includes all header data and files from our system when the contract concludes.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
There are no differences, the solution scales to the available screen size.
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Process configurations, logo configuration, additional fields are examples of customisations which can be completed by Arcivate only.

Scaling

Independence of resources
Our service is scalable and is managed in the ability for processes and hardware to be scalable via the use of elastic setup. Each client is included in a dedicated tenancy, with allocated resources.

Analytics

Service usage metrics
Yes
Metrics types
These are business process metrics e.g. Invoices straight through processed. There is also search functionality with the ability to save custom searches.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
There is a functionality within the system to download files that contain client data as part of the solution.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
Other
Other protection between networks
We utilise Oracle API's to connect securely to the application for Cloud ERP's. For on-premise ERP's we deploy a secure Oracle agent which runs locally and connects directly to the applications tenancy.
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Service availability is calculated on a calendar month basis, excluding Maintenance Periods.
Arcivate guarantees the availability of the Service for 98% of the time.
If it is clear that the Service has not reached this level of availability and the Client has been affected, compensation in the form of discount will be allocated as follows:
• If the Service is available less than 98% of the time in a month, the Client will receive a discount of ten (10)% of the annual Mi Invoices fee set out in the Order Form, pro-rated for the period of one month;
• If the Service is available less than 96% of the time in a month, the Client will receive a discount of twenty (20)% of the annual Mi Invoices fee set out in the Order Form, pro-rated for the period of one month;
Approach to resilience
The datacentre utilised is triple replicated across 3 different geographical sites with high availability, full failover, live-live replication and multiple communication links. The datacentres are locked down, security controlled, with multiple power supply connections and backups.
There are firewalls and full anti-virus installed on all servers.
Outage reporting
We have to date not had any outages as system was designed to be fully resilient. However, should an issue occur, automatic emails are generated to key staff members.

Identity and authentication

User authentication needed
Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication
Single Sign On (SSO) is supported using a token.
Applications can be restricted to a whitelist, meaning users have to be on their organisation's network to access the service.
Access restrictions in management interfaces and support channels
There are restrictions imposed on user administrators. Any admin user is not permitted to access any other element of the application. Support is provided through the organisation's helpdesk and must be from the Arcivate network.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
FSQS

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
The security of the application is regularly pen tested and governance and controls are ensured throughout the application. There are Firewalls on the infrastructure and the customer application can be restricted to a whitelist.
Information security policies and processes
It is the policy of Arcivate to ensure that all information systems operated by Arcivate are secure and aspire to comply with the requirements of the Data Protection Act, the Computer Misuse Act and (at the level of principles) the International Standard for Information Security ISO270001:2005. It is also the aim of Arcivate that all staff must be fully aware of the need to maintain secure systems and fully understand their responsibilities as outlined in our internal policy.
Managers must also take responsibility to ensure: All new staff receive a briefing on this policy as part of their Day 1 introduction to Arcivate and formally sign the Acknowledgement of Acceptance before they are given access to any of Arcivate’s IT Systems. All staff review this Policy and re-confirm acceptance on an annual basis or when invited to do so.
Escalation to board level is via the appropriate department directors.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All solution and components updates go through a rigorous development and testing procedure. All code is peer-reviewed and all security implications are reviewed as a when required based on the changes being implemented. All updates are tracked through milestones and code history is maintained.
Vulnerability management type
Undisclosed
Vulnerability management approach
There is an annual pen test and all remedial actions are undertaken immediately and tied in with an upcoming release. Anti-virus is installed on all public-facing servers, along with firewall protection and any system attacks trigger a denial of service.
Protective monitoring type
Undisclosed
Protective monitoring approach
Information Security Incidents must be reported within one business day of occurring in accordance with Arcivate’s Security Incident Policy which classifies the type of security incident and ensures appropriate notification of relevant parties. Loss of any piece of ICT equipment (computer, laptop, mobile phone, USB storage device, VPN token etc), is classed as a security incident and must be reported. Information Security Incidents should be reported via the Report an Information Security Incident form.
Where any incident relates to Customer Data, Arcivate Business Impact or Potential Reputational Damage then the Arcivate Management Board will need notifying immediately.
Incident management type
Undisclosed
Incident management approach
From the Information provided in the Incident Report Form the following steps need to be actioned.
a)Confirm / Replicate the issue
b)Assess the issue and applications affected
c)Copy any logs from affected systems
d)Isolate any infected systems
e)Remove any point of entry, unplug PC’s or turn off firewalls etc
f)Assess the risk to the business
g)Notify the Manager and staff of the affected area
h)If Customer Affected the inform the Sales Director
i)Start an Incident Process Form

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£0.52 to £1.25 a transaction a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jason.howard@arcivate.com. Tell them what format you need. It will help if you say what assistive technology you use.