Curtis Fitch

Curtis Fitch eSourcing

CF Suite is utilised by procurement teams to onboard and manage suppliers, run competitive tenders and auctions and full contract lifecycle management. CF Analytics sit on top of all these modules giving you powerful reporting and dashboarding capabilities.


  • Project Management for strategic eSourcing activities
  • Wide variety of eAuctions available
  • Contract Management, metadata capture, workflow and clause library
  • eSignature on contracts
  • Supplier performance management
  • Supplier Onboarding
  • Supplier and Service risk assessment
  • Bespoke dashboard and report builder
  • Quote me now - quick to market sourcing events
  • API integration with other business applications


  • Template your processes to quickly create content
  • View and manage risks easily within your supply chain
  • Easily trace site activity via an extensive audit trail
  • Comprehensive, bespoke dashboards enabling a deep dive into data
  • Manage your to do list via automated system notifications
  • Integrate across systems ensuring data is 'up to date'
  • Collaborate with team members and stakeholders
  • Invite suppliers to bid in 3 easy steps
  • Intuitive UI and design enables little training and high adoption
  • View and manage content from multiple devices


£1700 to £60000 per licence per year

Service documents


G-Cloud 11

Service ID

7 9 2 2 7 4 1 0 2 2 3 0 8 1 0


Curtis Fitch

Sanj Bath

01242 530900

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
System requirements
  • Javascript must be enabled
  • Adobe flash player is required for some file upload functionality
  • We recommend adding to trusted email list

User support

Email or online ticketing support
Email or online ticketing
Support response times
Users are provided with an immediate email response and ticket number. Further updates will be provided within 2 hours.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
All our clients receive the same SLAs for support and this is dependent on the severity of the issue raised via the helpdesk. Each client is assigned an Account Manager who monitors any issues raised, takes feedback on the software performance and encourages clients to raise any improvements or changes they wish to see.

For Business clients we offer monthly catch up calls and on site annual face to face reviews. For Enterprise clients we offer monthly calls and on site quarterly face to face reviews.
Support available to third parties

Onboarding and offboarding

Getting started
The software is very intuitive to use so required user training is minimal. We offer a blended approach of an online support area that has training documents and videos. In addition to this we offer onsite classroom training for a larger number of users as part of the implementation process.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
We offer a standard data export that follows a defined process and format. This data is made available 30 days after end of contract.
End-of-contract process
We run a script on your site that provides an export of all your data - this includes all Supplier details, contract information and project data. This data is provided in a zip folder format along with accompanying documents detailing the information in the folders. There is no cost for this.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The software is mobile optimised and is responsive to the device that is accessing the application.
Service interface
What users can and can't do using the API
We offer open API using a RESTful service. Users are required to create a middleware that can then be used to integrate CF Suite to other 3rd party applications.

We offer a developer toolkit that provides all the information needed e.g. authentication details, how to create get/push requests etc.

The API integrations are all managed by the client so any changes are all handled by the client.
API documentation
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
The software is very customisable and this is done through the site configuration area once a user has logged in. Only users with the correct access levels are able to see the site configuration area.

- Branding can be applied the site URL including images, text and colours
- Security settings such as log out time, password controls
- Dropdown values across the site are configurable
- Default values can be set
- A large number of features and functionality across the modules can be turned on/off



Independence of resources
All services are load balanced and resource limits are monitored - additional resource is provisioned when demand requires it.


Service usage metrics
Metrics types
Clients can view user activity across the site, and see how many projects are created, contracts uploaded, supplier onboarded etc All with customisable filters defined by the client in our analytics module
Reporting types
  • Real-time dashboards
  • Regular reports


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Physical access control, complying with SSAE-18
Data sanitisation process
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
There are a number of standard pre-built reports across the site that users can run to extract data and insights.

We also offer CF Analytics which is a bespoke report and dashboard builder for clients to create an unlimited amount of specific, organisation driven reports. These reports can be run adhoc to export the data required.
Data export formats
  • CSV
  • Other
Other data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
99.5% availability over any 3 month rolling period. We can include service credits if requested for not meeting this availability.
Approach to resilience
We can make this information available on request.
Outage reporting
Curtis Fitch has automated email alerts from our data centre provider that come to us. This is then disseminated manually to affected clients.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Each user profile is role based and restrictions can be placed using access levels across the software.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
BSI Group
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
One control from ISO 27001 is not in scope and that is Outsourced Development as we run an in house development team.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Security polices and processes are in line with ISO27001/2013 and audited annually by the BSI,

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
This is defined in technical documentation (available in request) that is linked to Information Security Management (ISM)
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our service provider continually monitors potential threats as they emerge and communicates and potential issues with our infrastructure.
Protective monitoring type
Protective monitoring approach
We have a Data Protection and Incident Management policy that details all of the requested information. We have a 72 hour window to inform clients of any compromise as per these policies.
Incident management type
Supplier-defined controls
Incident management approach
Yes - users can raise issues through the software or direct with the helpdesk. We have SLAs assigned to all severity of issues and associated timescales for response and resolution. We can provide incident reports if requested.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£1700 to £60000 per licence per year
Discount for educational organisations
Free trial available
Description of free trial
Potential clients can sign up for a free version of the software. This is limited to CF Source only to run tenders
Link to free trial

Service documents

Return to top ↑