Online Ordering
To facilitate the online ordering of goods either directly with suppliers or using approval processes to permit authorisation.
Features
- Real time ordering
- Compliance
- Mobile working
- PWA Progressive Web Application
- Notifications
Benefits
- Access remotely ordering tools
- Approvals on the go
- Only order permitted items
- Manage orders and fulfilment
- Manage budgets
Pricing
£25,000 a licence a year
- Education pricing available
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at <removed>@cc1a7fa1-2fa0-4ef1-baaf-1a51e5fe4788.com.
Tell them what format you need. It will help if you say what assistive technology you use.
Framework
G-Cloud 11
Service ID
7 3 3 7 8 7 1 3 2 1 0 2 9 6 0
Contact
Evolve Retail
<removed>
Telephone: <removed>
Email: <removed>@cc1a7fa1-2fa0-4ef1-baaf-1a51e5fe4788.com
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- Can be integrated directly into ERP platforms or other online platforms to deliver/surface existing capabilities.
- Cloud deployment model
- Private cloud
- Service constraints
-
Requires hardware that can run NUXT and other JavaScript frameworks
Will need patching and updates to be applied - System requirements
-
- Specific instance software license
- Runs on Linuz
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
We have a set of standard SLAs in place for Monday - Friday (08:30 - 17:30) and support 'as requested' over weekends.
Our response times vary according to the ticket severity and type from 30 minutes to 2 hours. - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
We provide the following support levels (with flexible SLA's) within our Foundations package which typically costs £750 per month:
- Email/Telephone Support
- Unlimited tickets
- Monitoring (24/7/365)
- Active firewall
- Reporting (Uptime/Availability/tickets)
- Customer Service manager
We can also tailor packages to specific customer requirements - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- We provide onsite training and in 'application' guides using automated processes.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- We can provide this service and typically provide a data extract of all client data either through a DB copy or we can stand up an API for direct access.
- End-of-contract process
-
The initial data extraction and subsequent data cleanse is included within the contract value.
Any further services or hosting of data would be additional
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Some features are not enabled such as complex reporting and export of data to CSV/Spreadsheets.
- Service interface
- No
- API
- No
- Customisation available
- Yes
- Description of customisation
-
The following can be customised by the Evolve team:
Styling (look and feel)
Workflows
Permissions
The following can be customised by the Service user team:
Content
User set up
Budget allocation
Scaling
- Independence of resources
-
We have intelligent load balancing capabilities allowing the services to scale - each one can be its own instance too providing walls between services.
In addition - our use of PWA means that a lot of the processing can happen 'browser side' to remove the load from the server.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
We provide the following per service:
Uptime and Availability
User usage
We provide at least the following per instance:
Orders placed
User journeys
Analytics - Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Staff screening not performed
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- In-house
- Protecting data at rest
-
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- No
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- Either using the built in reports or via our help desk provision.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- Direct Database copies
- .XLS
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- JSON
- XLS
- Direct database access
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
Availability and resilience
- Guaranteed availability
-
We use MS Azure and so are backed by their SLA's:
Last updated: March 2018
For all Virtual Machines that have two or more instances deployed across two or more Availability Zones in the same Azure region, we guarantee you will have Virtual Machine Connectivity to at least one instance at least 99.99% of the time.
For all Virtual Machines that have two or more instances deployed in the same Availability Set, we guarantee you will have Virtual Machine Connectivity to at least one instance at least 99.95% of the time.
For any Single Instance Virtual Machine using premium storage for all Operating System Disks and Data Disks, we guarantee you will have Virtual Machine Connectivity of at least 99.9%. - Approach to resilience
- This is available on request
- Outage reporting
-
We use Monitis for monitoring - this delivers us uptime and usage reports.
We can also make this available to our clients directly.
Upon alert we notify clients and begin the process required for fail over if we deem it necessary,
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
- This is restricted to named users and controlled by our in house support team.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- No
- Security governance certified
- No
- Security governance approach
- We adopt an ISO 27001 approach to security and will use the ISMS guidelines as a basis.
- Information security policies and processes
-
Within the group we have a full suite of the policies implemented by all group businesses.
The group work closely to make sure that we adhere to the policies as required.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
All of our base code is managed via BitBucket (GIT) and applied to the site following approval from either our product manager OR client.
Our solution is built up of different modules which are joined together for client requirements - these each have to be security, unit and developer tested before they are pushed to a staging environment.
Untested code cannot pass out of the environment to production.
Each deployment is managed by Deployer allowing us to review what is deployed and facilitate a roll back when required. - Vulnerability management type
- Undisclosed
- Vulnerability management approach
-
Threats are evaluated by severity and risk - this determines the response times allocated (High Severity and High risk being scheduled first)
Patches are deployed within days of receiving them
Information is gathered from a variety of online sources and also our own testing.
We use Foregenix to help us understand these vulnerabilities. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
We use several outside agency resources for this including (But not limited to):
Developer community
Monitis
Foregenix
MS Azure
When we are notified of a compromise this raises an alert on our ticketing system which then begins the process.
For a compromise we then alert our clients to allow them to decide whether or not to begin a 'problem process'.
Incidents are responded to within the SLAs provided. - Incident management type
- Supplier-defined controls
- Incident management approach
-
We have a comprehensive incident management process which includes a process for support to be instigated.
This details the route for support to be raised and notification process.
Where required we also can provide RCA reports post event.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Pricing
- Price
- £25,000 a licence a year
- Discount for educational organisations
- Yes
- Free trial available
- No
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at <removed>@cc1a7fa1-2fa0-4ef1-baaf-1a51e5fe4788.com.
Tell them what format you need. It will help if you say what assistive technology you use.