To facilitate the online ordering of goods either directly with suppliers or using approval processes to permit authorisation.
- Real time ordering
- Mobile working
- PWA Progressive Web Application
- Access remotely ordering tools
- Approvals on the go
- Only order permitted items
- Manage orders and fulfilment
- Manage budgets
£25000 per licence per year
- Education pricing available
7 3 3 7 8 7 1 3 2 1 0 2 9 6 0
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||Can be integrated directly into ERP platforms or other online platforms to deliver/surface existing capabilities.|
|Cloud deployment model||Private cloud|
Will need patching and updates to be applied
|Email or online ticketing support||Email or online ticketing|
|Support response times||
We have a set of standard SLAs in place for Monday - Friday (08:30 - 17:30) and support 'as requested' over weekends.
Our response times vary according to the ticket severity and type from 30 minutes to 2 hours.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
We provide the following support levels (with flexible SLA's) within our Foundations package which typically costs £750 per month:
- Email/Telephone Support
- Unlimited tickets
- Monitoring (24/7/365)
- Active firewall
- Reporting (Uptime/Availability/tickets)
- Customer Service manager
We can also tailor packages to specific customer requirements
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||We provide onsite training and in 'application' guides using automated processes.|
|End-of-contract data extraction||We can provide this service and typically provide a data extract of all client data either through a DB copy or we can stand up an API for direct access.|
The initial data extraction and subsequent data cleanse is included within the contract value.
Any further services or hosting of data would be additional
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Some features are not enabled such as complex reporting and export of data to CSV/Spreadsheets.|
|Description of customisation||
The following can be customised by the Evolve team:
Styling (look and feel)
The following can be customised by the Service user team:
User set up
|Independence of resources||
We have intelligent load balancing capabilities allowing the services to scale - each one can be its own instance too providing walls between services.
In addition - our use of PWA means that a lot of the processing can happen 'browser side' to remove the load from the server.
|Service usage metrics||Yes|
We provide the following per service:
Uptime and Availability
We provide at least the following per instance:
|Supplier type||Not a reseller|
|Staff security clearance||Staff screening not performed|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||
|Data sanitisation process||No|
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||Either using the built in reports or via our help desk provision.|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
We use MS Azure and so are backed by their SLA's:
Last updated: March 2018
For all Virtual Machines that have two or more instances deployed across two or more Availability Zones in the same Azure region, we guarantee you will have Virtual Machine Connectivity to at least one instance at least 99.99% of the time.
For all Virtual Machines that have two or more instances deployed in the same Availability Set, we guarantee you will have Virtual Machine Connectivity to at least one instance at least 99.95% of the time.
For any Single Instance Virtual Machine using premium storage for all Operating System Disks and Data Disks, we guarantee you will have Virtual Machine Connectivity of at least 99.9%.
|Approach to resilience||This is available on request|
We use Monitis for monitoring - this delivers us uptime and usage reports.
We can also make this available to our clients directly.
Upon alert we notify clients and begin the process required for fail over if we deem it necessary,
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||This is restricted to named users and controlled by our in house support team.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||No|
|Security governance certified||No|
|Security governance approach||We adopt an ISO 27001 approach to security and will use the ISMS guidelines as a basis.|
|Information security policies and processes||
Within the group we have a full suite of the policies implemented by all group businesses.
The group work closely to make sure that we adhere to the policies as required.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
All of our base code is managed via BitBucket (GIT) and applied to the site following approval from either our product manager OR client.
Our solution is built up of different modules which are joined together for client requirements - these each have to be security, unit and developer tested before they are pushed to a staging environment.
Untested code cannot pass out of the environment to production.
Each deployment is managed by Deployer allowing us to review what is deployed and facilitate a roll back when required.
|Vulnerability management type||Undisclosed|
|Vulnerability management approach||
Threats are evaluated by severity and risk - this determines the response times allocated (High Severity and High risk being scheduled first)
Patches are deployed within days of receiving them
Information is gathered from a variety of online sources and also our own testing.
We use Foregenix to help us understand these vulnerabilities.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
We use several outside agency resources for this including (But not limited to):
When we are notified of a compromise this raises an alert on our ticketing system which then begins the process.
For a compromise we then alert our clients to allow them to decide whether or not to begin a 'problem process'.
Incidents are responded to within the SLAs provided.
|Incident management type||Supplier-defined controls|
|Incident management approach||
We have a comprehensive incident management process which includes a process for support to be instigated.
This details the route for support to be raised and notification process.
Where required we also can provide RCA reports post event.
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£25000 per licence per year|
|Discount for educational organisations||Yes|
|Free trial available||No|