Elcom Systems Ltd

EVOLVE eFunding

EVOLVE eFunding, advance invoice funding and supply chain finance. Suppliers funded on the basis of public sector purchase orders or invoice. Buyers approve purchase orders and invoices, for funding without risk in an automated process. We connect suppliers to finance from funders who accept risk at lower rates than normal.

Features

• Low cost working capital for suppliers
• Working capital provided at PO stage, not invoice, therefore earlier.
• Purchase Order and Invoice finance.
• Automated processing
• Secure Connectivity
• Open standard technology stack
• Seamless interface to buyer ERP and other purchasing/finance systems

Benefits

• Easy to set up
• Improved cash flow for all suppliers
• Management of liquidity in supply chain and security of supply
• Local economic benefits from enhanced liquidity
• Improved purchasing/AP processes
• Potential to generate returns for buyers
• Cost reduction throughout process
• Supports SME cash flow and stability

£0 to £0 a user

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Framework

G-Cloud 12

Service ID

823647473220851

Contact

Steve Quinn
0151 482 9230
steve.quinn@elcom.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No technical constraints, but supplier credit checks are required.
• System requirements: Reasonably up to date Browser

User support

• Email or online ticketing support: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support is 09.00 to 17.00 UK working hours. This is standard with no additional cost in the normal case. Response is usually immediate but in any case within 1 working day.; ; Support is by:; • service desk; • email; • phone; • onsite; ; Professional Services are as per our rate card, but are not likely to be required with this service.; ; Further details in Service Definition Document
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Getting started includes full implementation, including interfaces to finance and legacy systems if required; onsite and remote support 24/7 and onsite training for buyers and suppliers if required.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: If requested, at close of contract, customers may advise the format in which they wish to receive their data and we will normally provide what we have as required, subject to agreement on data ownership between buyers and suppliers.
• End-of-contract process: Subject to agreement between buyers and suppliers on data ownership, we will normally provide relevant data in standard format. Any requested transformation of the data may be a chargeable professional service.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Full functionality is available on tablets and through standard browsers on mobile phones.
• Service interface: No
• API: No
• Customisation available: Yes
• Description of customisation: Service can be branded by the buyer

Scaling

• Independence of resources: Load is monitored and balanced at all times, with redundant server capacity available for peak demand. Server capacity as a whole is provided on the basis of regular reviews of load and trends in user activity.

Analytics

• Service usage metrics: Yes
• Metrics types: Multiple metrics including, for example, ; -volume of transactions; -value of transactions; -transactions by type; -full audit trail of all activities; -service up time; All by user-defined period
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Data at rest is encrypted on a SAN device in the data center
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Elcom exports data to users in a specified format, for example into a data warehouse, or through flat file transfer, including SFTP transfer.
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats: Direct entry on screen

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Please see Service Definition Document for full details of SLAs
• Approach to resilience: Backup, disaster recovery and resilience plans and measures are in place. Details are available on request.
• Outage reporting: Email alerts and/or telephone calls to impacted customers; ; Further details in Service Definition Document

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: No one, including Elcom staff, has access to any part of the system without 2-factor authentication. All access is logged and a full audit trail is kept..
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications: SAS 70 Level II (Data Centre)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Our security governance aims for compliance with iso27001:2013
• Information security policies and processes: Elcom has a written security policy.; ; Security roles are defined and allocated to specific individuals. Responsibilities include firewalls and access security as well as the network. ; ; A security incident is 'any breach of security on the Elcom infrastructure which may potentially lead to the disclosure of client data'. Logs are monitored and reviewed and incidents, or potential incidents, are reported and investigated immediately. The team works directly to the VP of IT who is a member of the management team reporting directly to the Chairman and CEO.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All elements of the service are routinely monitored against emergent security threats and vulnerabilities. This includes potential future releases and features being brought into point releases.; ; Assessment is by internal review and third-party external quality control testing before changed or new elements are handed over to customers to complete there own testing.; ; Post go-live, annual penetration tests reconfirm security.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Monitoring and assessment is continuous. Our aim is to deploy patches or counter-measures before potential threats become real.; ; We work closely with datacentre providers, network managers and industry partners who advise of potential threats as they are identified.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Monitoring and assessment is continuous. Our aim is to mitigate potential compromises before they become real. This includes working with local auditors if requested. We work closely with datacentre providers, network managers and industry partners who advise of potential threats as they are identified.; ; All potential compromises are dealt with as a matter of urgency, requiring immediate assessment then mitigation as appropriate.
• Incident management type: Supplier-defined controls
• Incident management approach: Incident management is agreed with customers at set up. In the normal case, incidents are reported via a named person in the customer organisation to the Elcom service help desk. Usually reports are by email or phone call and logged immediately on the help desk system.; ; Customers can have access to the system to validate the incident is properly recorded and track progress to resolution.; ; Reporting is either through the help desk system or, if the customer wishes, separate incident reports for each incident.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £0 to £0 a user
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: The full service is free to public sector bodies.; ; Please see Service Definition Document for full details, including potential rebates for buyers

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF