Collaborative Purchasing

Silverwing is a digital platform that enables public sector organisations to automatically aggregate their purchases with others, driving more value in purchasing and faster adoption of new technologies


  • A highly intuitive interface designed exclusively for collaborative purchasing
  • Automated document management
  • Manage supplier credit agreements
  • Intuitive basket & checkout process
  • Punch out to legacy procurement systems
  • Access to experienced customer support staff


  • Access lower prices through collaborative purchasing
  • Increase process efficiency & save time
  • Improve visibility & compliance
  • Leverage data to gain a better understanding of your purchasing
  • Gain full control and visibility over total spend
  • Access innovation earlier, without the financial burden of early adoption


£0.00 to £20000 per licence per year

  • Free trial available

Service documents


G-Cloud 11

Service ID

7 9 0 5 2 7 6 4 3 0 9 2 8 1 7



Oliver Squires


Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
System requirements
  • The system requires internet connection
  • Access to a web browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 1 working day.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
Screen reader support: the Messenger is accessible via screen readers

Keyboard navigation: Every component of the Messenger can be accessed using a keyboard without requiring a mouse or trackpad.

Colour contrast: all text in the web Messenger is clearly visible when using colours with enough contrast.
Onsite support
Support levels
We provide a Support Centre for 1st line support with additional technical resources for 2nd and 3rd line as required. Users can have access to an Account Manager as required.
Support available to third parties

Onboarding and offboarding

Getting started
Users are allocated a product education manager who is available to take the user through the onboarding process with the help of user guides and screen sharing sessions.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
At any point, a user can contact our support team via email to request their data to be extracted. 30 Days after the contract ends all data will be deleted for the user. A user can request to have their data deleted or extracted at any point during these 30 days.
End-of-contract process
Upon receipt of notification from a customer that they wish to terminate and/or not extend their contract with Silverwing, all data will be transferred back to the customer within 30 days of the contract termination.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The content is the same. The layout may appear different in certain sections to accommodate the screen size.
Service interface
Description of service interface
Users can sign into a secure online portal with their account details where they can access the collaborative purchasing platform.
Accessibility standards
None or don’t know
Description of accessibility
Screen reader support: the service is accessible via screen readers
Keyboard navigation: Every component of the service can be accessed using a keyboard without requiring a mouse or trackpad.
Colour contrast: all text in the web portal is clearly visible when using colours with enough contrast.
Accessibility testing
The system has been tested to ensure that the screen reader and keyboard navigation make it possible to access all of the service via screen readers and without the use of a mouse or trackpad.
Customisation available
Description of customisation
Users are able to customise the service in multiple ways:

- Users can change their organisation logo.

- Organisation admins can customise who from their organisation can join the platform.


Independence of resources
Silverwing offers a load balanced scaleable platform which ensures users are not affected by spikes in demand.

Silverwing's support and development team is scaled to meet current and future demand. We can mobilise additional resource available at short notice if required.


Service usage metrics
Metrics types
Users with the necessary permissions are able to access usage metrics. Metrics typically include supplier credit responses and suppliers contacted. Additional metrics may be specified during the system configuration and implementation.
Reporting types
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users can export their data in bulk via CSV.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We aim to provide customers a system uptime of greater than 95% (excluding scheduled weekend and other agreed maintenance downtime). Failure to achieve this, will result in customers being provided with service credits.
Approach to resilience
Available on request.
Outage reporting
There have been no service outages to date. However, in the event of an outage, users will be notified via email.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
All system access is permission based. The process for assigning and changing user permissions will be agreed as part of the implementation.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
We approach our security governance in accordance with the controls and guidelines as defined and set out for ISO27001
Information security policies and processes
During new employee onboarding each employee is required to read the Data Protection and Information Security and Governance policies and to provide confirmation that they understand the policies and will adhere to them.

Data Protection:

Audits to review the content of Silverwing computers are performed at irregular time frames throughout each financial year, during the audit the PC will be checked to ensure that no personal data is held. If it is discovered that personal data is held on a PC then it will be immediately reported to the CEO and a course of corrective action will be defined

Information Security & Governance:

Audits are performed on Silverwing employees (by random selection) at irregular time frames throughout each financial year, during the audit Silverwing will check if the employee has been working in compliance with the regulations contained in the Information Security & Governance policy. If it is discovered that an employee has breached these regulations then it will be immediately reported to the CEO and a course of corrective action will be defined.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Configuration and customisation requested are captured (either during implementation or during support phase) and are implemented first in the UAT (Test) environment. All file systems that store requests are / have audit switched on and are centrally logged and monitored.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Silverwing's threat management software is constantly monitoring the service at various points and levels and will notify selected parties by email immediately. Virus scan software is also run against backups to ensure historical data is also clean. Patches relating to any potential issues or threats are carried out immediately. Patches for software bugs or fixes are carried out between our quarterly releases as and when required however these can be on average every two weeks. Known vulnerabilities are tracked until mitigations have been deployed.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Silverwing follows NIST Incident Response Lifecycle for security incidents, whereby, known vulnerabilities and secure configurations are scanned to identify any potential weaknesses.

At the application level, we perform code reviews, we incorporate security in our coding methodologies and test against use permissions.

Known incidents are responded to with the highest priority.
Incident management type
Supplier-defined controls
Incident management approach
Incidents such as a security breach or system down are managed according to our priority 1 management protocol. Business continuity planning includes taking back-ups, and a data-restore process. Employees or third parties who become aware of an issue which does not meet the organisation’s defined approach and standards, or which has the potential for such an adverse effect, should immediately raise this to the CTO either verbally or via email.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£0.00 to £20000 per licence per year
Discount for educational organisations
Free trial available
Description of free trial
Use of the platform with basic functionality. Limited to the sourcing and purchasing of products and basic order management.

Service documents

Return to top ↑