Edenhouse Solutions

SAP Commerce Cloud

SAP Hybris Commerce is a leading digital platform that allows you to connect with your customers anytime, from any device, driving digital transformation. Enabling you to put your customers at the heart of everything you do. Commerce Cloud contains Citizen, B2B, B2C and telecommunications templates for rapid implementation.


  • Powerful product content management
  • Fully integrated web content management and merchandising tools
  • Advanced search and navigation
  • Advanced personalisation and marketing
  • Optional Order Management and Fulfilment
  • Modern data integration tools
  • Omni-channel touchpoint integration
  • Complex promotion management rules engine
  • Support for product bundling and configuration
  • Cisitzen, B2B, B2C and Industry relevant accelerators


  • Full featured commerce and web platform
  • Lower development and implementation costs
  • Easier upgrades, maintenance and upgrades
  • Better visibility of the customer across all touchpoints
  • Optimized web search/SEO
  • Easily enrich and publish product data
  • Fully responsive site
  • Multiple language support from the same site
  • Publish content from an easy to use graphical interface
  • Easily manage content and products across multiple sites


£4292 per unit per month

Service documents


G-Cloud 11

Service ID

7 1 3 6 3 8 4 3 2 2 3 6 7 7 5


Edenhouse Solutions

Philip Cartwright

+44(0) 330 058 6020


Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints Weekly maintenance is Sunday 2:00 a.m. to Sunday 6:00 a.m. local time
Hotfix collection is Biweekly, Sunday 2:00 a.m. to Sunday 6:00 a.m. local time
Quarterly upgrades are up to four times a year from Saturday 3:00 a.m. to Sunday 3:00 a.m. local time. SAP will provide advance information to customer about the planned upgrade scheduling.
System requirements Hosted by SAP in MS Azure, licence included

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 24x7 Mission Critical Support for P1 and P2
issues (English only)

Non Mission Critical Support for P3 and P4
issues during business hours (English only)
Monday to Friday 8 am
to 6 pm (Local Time Zone),
excluding local holidays
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard WCAG 2.1 AA or EN 301 549
Web chat accessibility testing N/A
Onsite support Yes, at extra cost
Support levels Edenhouse provide support all SAP products for both technical and functional support. Our support model is time based with time called off in 30 minute increments against an agreed number of days with each day being 7.5 hours. All of our UK based support consultants are senior level with an average of 16 years’ experience across the teams and so we have one charging rate for all consultants as well as a management fee depending on the size and scale of the required model - such as if additional services are request like out of hours support or system monitoring. A named account director and named service delivery manager are assigned to all of our support accounts. Both these individuals perform roadmap planning, and monthly reviews with each of our customers whilst also ensure SLA compliance.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Edenhouse Solutions provide a training program to match customer needs, whether this is train-the-trainer, end-user training or a blend of both methods. Administrator training is also provided. Training of key users assigned to the project occurs organically as part of the project knowledge transfer process.
The solution in-built documentation is of a very high standard, linking help articles to visual indicators on screen.
SAP also provide a wealth of online release and help information, including video tutorials and direct service support.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Data may be extracted through analytics functionality or through the use of the APIs.
End-of-contract process At the end of the agreed term, the contract may be renewed or terminated. In the event of termination, an exit plan would be assembled in advance with steps and charges discussed and mutually agreed.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Responsive and adaptive design allow Fiori apps to run on desktop, tablets, smartphones, and hybrid devices. As users switch across devices, Fiori apps automatically accommodate the resolution, image size, and scripting. Users can work how and where they want, regardless of device.
Service interface Yes
Description of service interface Self-service admin interface available
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing N/a
What users can and can't do using the API Hybris Commerce is based on web standards and contains numerous APIs:

* Import , Update, Read customer
* Integration with Marketing
* Import Product Categories and Hierarchies
* Import Products and Product Category Assignments
* Import prices
* Import promotions and coupons
* Digital Asset Management - import media
Headless commerce
Event drive rapid development
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation An administrator can customise the following within the service:

* Site design and content
* Product content
* Custom attributes and search facets
* Merchandising / Promotions
* Customer Journey process flow
* Languages used/translations
* Target groups/Personalised content
* Online forms


Independence of resources The project will be sized based on expected and peak demands


Service usage metrics No


Supplier type Reseller providing extra support
Organisation whose services are being resold SAP Hybris

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users cannot export their data given the nature of the tool. It is possible for admin to export data based on export jobs if required
Data export formats CSV
Data import formats
  • CSV
  • Other
Other data import formats JSON

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability System availability SLA is 99.5% system availability during each calendar month for production versions.

Credits are 2% of Monthly Subscription Fees for each 1% below 99.5% System Availability, not to exceed 100% of Monthly Subscription Fees
Approach to resilience SAP data centres have the following features to ensure continuity of service:
* Redundant additional power network in case of power outage
* Backup batteries and generators
* Redundant additional coolant systems in case of coolant system failure
* Redundant additional internet connection to guarantee connectivity
* Data stored in backup location to save-guard against natural disasters and malicious attacks
Outage reporting Where here is a service outage, all affected customers will receive email updates from SAP to their nominated IT representative for each of their affected systems. Details included are the system affected, the date/time of the incident start and when it was resolved, a description of the original issue, details of the root cause, problem resolution and corrective action being taken to prevent repeat occurrences.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Access is restricted using assigned business roles and organisational management assignment.

Restrictions are contextual (e.g. users can see data relating to them, their team, their territory; managers can see data relating to their team members) and can be restricted at different levels:

* Screen access (work centres and views)
* Fields can be write, read-only or restricted
* Actions (e.g. escalating a ticket, exporting specific data to Excel )

Additionally, page layouts and the model rule editor enable setting attributes including visibility of screen sections or specific fields by business role or data (e.g. hide field "x" for complaint tickets).
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 British Assessment Bureau
ISO/IEC 27001 accreditation date 26.02.2016
What the ISO/IEC 27001 doesn’t cover The scope for Edenhouse Solutions ISO27001 accreditation is SAP Support, Enhancements and Projects. What is currently out of scope and therefore not included are the following areas
Key management – we do not have a policy on the protection of cryptographic keys as we currently do not use these.
Working in Secure areas – We currently have no procedures for working in secure areas as Edenhouse do not have any secure area working currently.
Secure development policy – Rules for the development of software are not in place as Edenhouse does not currently develop software.
Restrictions on changes to software packages. Currently no procedures in place as we do not develop software.
All of the above would be reviewed and policies created should they come into scope for Edenhouse.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards ISO 27002
BS 10012
Information security policies and processes We have our own ISO 27001 Accredited Information Security Policy which we are happy to share.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach We align our change management processes to the customer's requirements, however, for internal changes we have a Change advisory Board to review all change requests and approval is only given from the CAB to proceed with any change.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach We have an Annual Vulnerability check and based on the findings from that check we create tasks to eliminate any found vulnerabilities.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Our Data Centre have a Network Operations centre which continuously monitor our network and communication lines. We also have internal monitoring where we run an average of 5 million tests per month.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach We align ourselves to ITIL incident management processes and use SAP CRM toolset for the incident life cycle.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £4292 per unit per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Full version available to download and install locally, including all accelerators recipes
Link to free trial https://help.hybris.com/6.7.0/hcd/8c46c266866910149666a0fe4caeee4e.html

Service documents

Return to top ↑