Edenhouse Solutions

SAP Commerce Cloud

SAP Hybris Commerce is a leading digital platform that allows you to connect with your customers anytime, from any device, driving digital transformation. Enabling you to put your customers at the heart of everything you do. Commerce Cloud contains Citizen, B2B, B2C and telecommunications templates for rapid implementation.


  • Powerful product content management
  • Fully integrated web content management and merchandising tools
  • Advanced search and navigation
  • Advanced personalisation and marketing
  • Optional Order Management and Fulfilment
  • Modern data integration tools
  • Omni-channel touchpoint integration
  • Complex promotion management rules engine
  • Support for product bundling and configuration
  • Cisitzen, B2B, B2C and Industry relevant accelerators


  • Full featured commerce and web platform
  • Lower development and implementation costs
  • Easier upgrades, maintenance and upgrades
  • Better visibility of the customer across all touchpoints
  • Optimized web search/SEO
  • Easily enrich and publish product data
  • Fully responsive site
  • Multiple language support from the same site
  • Publish content from an easy to use graphical interface
  • Easily manage content and products across multiple sites


£4292 per unit per month

Service documents


G-Cloud 11

Service ID

7 1 3 6 3 8 4 3 2 2 3 6 7 7 5


Edenhouse Solutions

Peter Heffner

+44(0) 330 058 6020


Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
Weekly maintenance is Sunday 2:00 a.m. to Sunday 6:00 a.m. local time
Hotfix collection is Biweekly, Sunday 2:00 a.m. to Sunday 6:00 a.m. local time
Quarterly upgrades are up to four times a year from Saturday 3:00 a.m. to Sunday 3:00 a.m. local time. SAP will provide advance information to customer about the planned upgrade scheduling.
System requirements
Hosted by SAP in MS Azure, licence included

User support

Email or online ticketing support
Email or online ticketing
Support response times
24x7 Mission Critical Support for P1 and P2
issues (English only)

Non Mission Critical Support for P3 and P4
issues during business hours (English only)
Monday to Friday 8 am
to 6 pm (Local Time Zone),
excluding local holidays
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
Onsite support
Yes, at extra cost
Support levels
Edenhouse provide support all SAP products for both technical and functional support. Our support model is time based with time called off in 30 minute increments against an agreed number of days with each day being 7.5 hours. All of our UK based support consultants are senior level with an average of 16 years’ experience across the teams and so we have one charging rate for all consultants as well as a management fee depending on the size and scale of the required model - such as if additional services are request like out of hours support or system monitoring. A named account director and named service delivery manager are assigned to all of our support accounts. Both these individuals perform roadmap planning, and monthly reviews with each of our customers whilst also ensure SLA compliance.
Support available to third parties

Onboarding and offboarding

Getting started
Edenhouse Solutions provide a training program to match customer needs, whether this is train-the-trainer, end-user training or a blend of both methods. Administrator training is also provided. Training of key users assigned to the project occurs organically as part of the project knowledge transfer process.
The solution in-built documentation is of a very high standard, linking help articles to visual indicators on screen.
SAP also provide a wealth of online release and help information, including video tutorials and direct service support.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data may be extracted through analytics functionality or through the use of the APIs.
End-of-contract process
At the end of the agreed term, the contract may be renewed or terminated. In the event of termination, an exit plan would be assembled in advance with steps and charges discussed and mutually agreed.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Responsive and adaptive design allow Fiori apps to run on desktop, tablets, smartphones, and hybrid devices. As users switch across devices, Fiori apps automatically accommodate the resolution, image size, and scripting. Users can work how and where they want, regardless of device.
Service interface
Description of service interface
Self-service admin interface available
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
What users can and can't do using the API
Hybris Commerce is based on web standards and contains numerous APIs:

* Import , Update, Read customer
* Integration with Marketing
* Import Product Categories and Hierarchies
* Import Products and Product Category Assignments
* Import prices
* Import promotions and coupons
* Digital Asset Management - import media
Headless commerce
Event drive rapid development
API documentation
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
An administrator can customise the following within the service:

* Site design and content
* Product content
* Custom attributes and search facets
* Merchandising / Promotions
* Customer Journey process flow
* Languages used/translations
* Target groups/Personalised content
* Online forms


Independence of resources
The project will be sized based on expected and peak demands


Service usage metrics


Supplier type
Reseller providing extra support
Organisation whose services are being resold
SAP Hybris

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users cannot export their data given the nature of the tool. It is possible for admin to export data based on export jobs if required
Data export formats
Data import formats
  • CSV
  • Other
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
System availability SLA is 99.5% system availability during each calendar month for production versions.

Credits are 2% of Monthly Subscription Fees for each 1% below 99.5% System Availability, not to exceed 100% of Monthly Subscription Fees
Approach to resilience
SAP data centres have the following features to ensure continuity of service:
* Redundant additional power network in case of power outage
* Backup batteries and generators
* Redundant additional coolant systems in case of coolant system failure
* Redundant additional internet connection to guarantee connectivity
* Data stored in backup location to save-guard against natural disasters and malicious attacks
Outage reporting
Where here is a service outage, all affected customers will receive email updates from SAP to their nominated IT representative for each of their affected systems. Details included are the system affected, the date/time of the incident start and when it was resolved, a description of the original issue, details of the root cause, problem resolution and corrective action being taken to prevent repeat occurrences.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Access is restricted using assigned business roles and organisational management assignment.

Restrictions are contextual (e.g. users can see data relating to them, their team, their territory; managers can see data relating to their team members) and can be restricted at different levels:

* Screen access (work centres and views)
* Fields can be write, read-only or restricted
* Actions (e.g. escalating a ticket, exporting specific data to Excel )

Additionally, page layouts and the model rule editor enable setting attributes including visibility of screen sections or specific fields by business role or data (e.g. hide field "x" for complaint tickets).
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
The scope for Edenhouse Solutions ISO27001 accreditation is SAP Support, Enhancements and Projects. What is currently out of scope and therefore not included are the following areas
Key management – we do not have a policy on the protection of cryptographic keys as we currently do not use these.
Working in Secure areas – We currently have no procedures for working in secure areas as Edenhouse do not have any secure area working currently.
Secure development policy – Rules for the development of software are not in place as Edenhouse does not currently develop software.
Restrictions on changes to software packages. Currently no procedures in place as we do not develop software.
All of the above would be reviewed and policies created should they come into scope for Edenhouse.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
ISO 27002
BS 10012
Information security policies and processes
We have our own ISO 27001 Accredited Information Security Policy which we are happy to share.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
We align our change management processes to the customer's requirements, however, for internal changes we have a Change advisory Board to review all change requests and approval is only given from the CAB to proceed with any change.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We have an Annual Vulnerability check and based on the findings from that check we create tasks to eliminate any found vulnerabilities.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Our Data Centre have a Network Operations centre which continuously monitor our network and communication lines. We also have internal monitoring where we run an average of 5 million tests per month.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We align ourselves to ITIL incident management processes and use SAP CRM toolset for the incident life cycle.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£4292 per unit per month
Discount for educational organisations
Free trial available
Description of free trial
Full version available to download and install locally, including all accelerators recipes
Link to free trial

Service documents

Return to top ↑