BravoSolution UK Limited

JAGGAER ONE Purchase-to-Pay (P2P)

JAGGAER ONE offers a comprehensive Purchase-to-Pay (P2P) suite including Contracts, eProcurement (Catalogues, Request Forms, Shopping, Requisitions, Purchase Orders), Invoicing (Receipts, Accounts Payable), Inventory Management, and extensive supporting features plus optional integration with JAGGAER ONE S2C for Sourcing & Supplier Management.
JAGGAER (formerly SciQuest) have been delivering our service since 1996.

Features

  • JAGGAER ONE solution formerly known as "JAGGAER Indirect" / "SelectSite"
  • Contract management, authoring, approvals and DocuSign or Adobe eSignature
  • Easy and intuitive eCommerce shopping interface with powerful Cart management
  • Hosted Catalogues, L1 & L2 Punch-Outs and configurable Request forms
  • Highly configurable Requisition, PO & Invoice workflows
  • Simple & efficient Receipting process
  • Automated Invoice 2/3-way matching & processing
  • Solution integration with ERPs & 3rd party systems
  • AWS EU-hosted & ISO27001 certified services
  • Integrated Sourcing & Supplier Management via JAGGAER ONE S2C

Benefits

  • Efficiently manage Contract redlines, reviews and approvals
  • Contract-based eProcurement to populate Catalogues with contracted items/pricing
  • Easy, familiar online Shopping experience for unlimited end-users
  • Sourcing Request integration to our compliant JAGGAER ONE S2C suite
  • Flexible configurations to suit your processes, rules, and workflows
  • Real-time graphical progress reporting of Requisition & PO workflows
  • Visibility into all levels/types of purchasing throughout your organisation
  • Supplier self-service eInvoicing, PO-flip & optional Digital Mailroom
  • Ensure goods/services are actually received before payment via 3-way matching
  • “Manage by exception” to decrease costs of Invoice handling

Pricing

£120,000 an instance a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at dsharples@jaggaer.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

896255887051928

Contact

BravoSolution UK Limited
David Sharples
Telephone: +44 20 7796 4170
Email: dsharples@jaggaer.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
JAGGAER ONE SaaS applications are delivered through a tried and tested infrastructure that has proven to be highly stable, scalable and secure. Customers choosing our SaaS solution do not need to invest any resources in additional Hardware/Software or IT staff to install, run, manage or upgrade the software solution. We have one of the most advanced multi-tenant application delivery capabilities. The organisation is in a position to leverage the true benefits of SaaS while benefitting from high standards of service in terms of security, availability and performance, and with no technical capacity constraints on the use of computing resources.
System requirements
  • Browser-based, hosted applications with no minimum OS specifications.
  • Microsoft Internet Explorer 11 for PC
  • Microsoft Edge (latest version with Windows 10) for PC
  • Google Chrome (latest version) for PC
  • Mozilla Firefox (latest version) for PC
  • Safari 4.0 and higher for MacOS
  • Mozilla Firefox (latest version) for MacOS
  • Safari (latest version) for iPad
  • Mobile apps require Android 4.0.3+ or iOS 9.0+

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times are dependent on issue severity. Please refer to: https://www.jaggaer.com/terms-of-service/saas-applications-support-services-terms/
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Level 1 support is provided as the first entry point for all new cases, from which cases may be escalated to Level 2 and Level 3. Global Support Service Levels: 24/5 follow-the-sun support is available. Contractual SLAs for Customer care and Bugfix are provided at: https://www.jaggaer.com/terms-of-service/saas-applications-support-services-terms. It is our policy to resolve any queries/issues as soon as possible following receipt of a call. Generally, calls are resolved within that initial call. Any issue that cannot be resolved on the first call is immediately directed to the appropriate team for resolution. Outstanding customer support calls take priority over all other work within our operations team. Any issue not resolved within two hours is escalated through agreed escalation issue resolution protocols. The customer will be updated on progress on a regular basis.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Upon contract signature, you will be assigned to a professional services manager (PSM) from our Professional Services organisation. The PSM will begin to work with you immediately to better understand your timeline and goal start date. Our typical lead time to staff a project is up to four weeks after signature. If there is a need to accelerate the timeframe, the PSM will work with you to define a mutually agreeable project start date.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
In connection with any termination or expiration of the Agreement and upon customer’s written request, JAGGAER shall either (i) return client data to customer. Customer data shall be provided in XML format and at customer’s expense, at JAGGAER's standard hourly rates then in effect. Fees for return of customer data and transition assistance must be reasonable and consistent with the fees paid by customer during the term of the agreement for other services provided by JAGGAER or (ii) delete or render useless the customer data.
End-of-contract process
The customer is responsible for developing the exit plan. However, if transition-related services are requested, JAGGAER agrees to provide such transition services according to a plan and fees mutually agreed to between JAGGAER and the customer.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
JAGGAER ONE P2P provides customer-branded iOS and Android apps for compatible tablets and smartphones, allowing staff to manage tasks such as shopping from punch-out and hosted catalogues, receiving orders, and managing approvals on the move. Android app requires Android 4.0.3 or later. iOS app requires iOS 9.0 or later. Blackberry & Windows mobile devices are not specifically supported through apps but are compatible for use via browser.
Service interface
Yes
Description of service interface
JAGGAER ONE Purchase-to-Pay (P2P) is a secure Spend Management software-as-a-service, accessible through supported web browsers over the public Internet via https.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
JAGGAER test for accessibility during the development phase and prior to product release. Every development team tests against accessibility standards as each new feature is developed, and across the entire application during the QA Testing sprint. JAGGAER has contracted third-party accessibility testers to test our solution using assistive technologies and for Section 508 and WCAG 2.1 AA compliance. Testing is performed with each major release (three times a year) and issues are prioritised and resolved by a dedicated accessibility team. JAGGAER customers require a highly functional business application that leverages as many of the latest thoughts, widgets, and interface options available for web-based interfaces. Customers require this application to increase the efficiency of their business processes by eliminating manual steps and reducing time spent within the application, e.g. elimination of clicks, automation of process, etc. Because some of the standards of Section 508 and W3C at times inhibit our ability to deliver on this requirement, our solutions are not fully compliant with W3C or Section 508 standards at this time. A description of our compliance can be found in our annual VPAT document (provided on request).
API
Yes
What users can and can't do using the API
JAGGAER ONE Integration service layer (JINT) is a JAGGAER proprietary, native cross-platform middleware layer that provides integration capabilities to enable interoperability between JAGGAER Cloud services and external systems, making standard native interfaces and built-in connectors available to support the most common integration scenarios. JINT supports JAGGAER ONE cross-module orchestration and provides:
  • Cloud connectors to an unsurpassed ecosystem of partners for outcomes that no other solution provider can deliver, including out-of-the-box support for TrustWeaver, Thomson Reuters, D&B, EcoVadis, Bureau van Dijk, Achilles, ConnXus, DocuSign, Adobe, MasterCard and more.
  • Standard interfaces to customer systems and applications (for SSO, ERP connectivity, document exchange etc.) via a comprehensive catalogue of SOAP XML Web Services, FTP connectors and certified SAP connectors, with a detailed library of supporting documents describing the exposed interfaces and service descriptors.
  • Integration as a Service (IaaS) providing customer-specific developments for integrations to legacy systems, agreed through Statement of Work.
API documentation
Yes
API documentation formats
  • HTML
  • PDF
  • Other
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The solution is not customisable in the ‘traditional’ sense where customers can access the code and make changes specific to their needs and environment. Once the solution is set up by our Professional Services team, it offers many tools for you to configure it to the needs of your organisation. The word “configure” is used, because changes made by your organisation will be within the parameters of the application. The following areas are configurable nearly to the point of customisation:
  • Application colour scheme (variable by department, role, and user)
  • Application logo (variable by department, role, and user)
  • User navigation can be set by the user to have their most common tasks appear in the main toolbar.
  • Field management tools allow you to change text & help contents to reflect your terminology.
  • Custom fields can be added throughout the application for accounting codes, document types, and collecting organisation-specific data.
  • Workflow interfaces allow you to manage and modify workflow rules as necessary.
  • Supplier home page can be branded to your organisation.
Other configurable areas include email messaging, role design, attachment size limitations, date formats, number format, languages, and hundreds of other configurations.

Scaling

Independence of resources
JAGGAER ONE Purchase-to-Pay is implemented entirely within AWS. This allows the application to take advantage of a scalable, reliable and secure computing environment with a global presence. AWS follows an end-to-end approach to secure and harden their infrastructure, including physical, operational, and software measures. AWS Internet service is designed to be horizontally scalable and utilises multiple carriers to ensure the highest levels of redundancy and availability. No bandwidth limits are imposed for connectivity. Our Application Load Balancer will automatically scale its ability to handle inbound requests as needed. JAGGAER constantly monitor performance across the application stack. Availability SLAs provided: https://www.jaggaer.com/terms-of-service/saas-applications-support-services-terms

Analytics

Service usage metrics
Yes
Metrics types
JAGGAER ONE Purchase-to-Pay provides comprehensive real-time reporting of usage metrics including:
Contract Lifecycle Management:
  • Contracts that Require Attention: Review Pending
  • Contracts that Require Attention: Expiring Contracts
  • Workload by Contract Manager
  • Cycle Time Report: Contract Creation to Execution
  • Obligations Across Contracts
eProcurement:
  • Purchasing Reports (by Purchase Order or Purchase Requisition)
  • Cycle Time Reports
  • Site Usage Reports
  • Sort, Filter and Export
  • Data Access Based on User Roles
Accounts Payable:
  • Invoice Source Report
  • Invoice Source by Supplier Report
  • Invoice Matching Report
  • Invoice Tolerance by Source Report
  • Early Payment Analysis Report
  • Cycle Time Report
  • Early Payment Discount Detail Report
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
eProcurement data can be extracted using a standard “Export CSV” function for editing in Microsoft Excel. A full transactional data extract is available for any required date range. Data is extracted by Purchase Requisition or Purchase Order into Excel spreadsheets. Contract metadata, document, and attachment import/export are supported. Customers can import legacy contract metadata using spreadsheets, and upload associated documents. Contract metadata can be exported into CSV and/or XML for reporting or integration to other legacy applications. Customers can export all contracts and associated documents individually or as a single PDF file.
Data export formats
  • CSV
  • Other
Other data export formats
  • XLS
  • XML
Data import formats
  • CSV
  • Other
Other data import formats
  • XLS
  • XML

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
JAGGAER's Amazon Virtual Private Cloud (VPC) is a virtual network defined by JAGGAER within the JAGGAER-owned AWS accounts. It is logically isolated from other virtual networks in the AWS cloud and secured by the AWS service. Management and Production VPCs are interconnected with a VPC Peer service which allows secure and controlled access between assets in each VPC. Direct access to the Management VPC can only be achieved by first establishing a VPN connection with MFA and then traversing the JAGGAER AWS Direct Connect, a leased private communication link between the JAGGAER network and JAGGAER’s associated AWS VPCs.

Availability and resilience

Guaranteed availability
JAGGAER shall make all JAGGAER SaaS Applications available to the Client for at least ninety-nine and one half percent (99.5%) of the time (determined monthly on a calendar basis), seven (7) days a week, twenty-four (24) hours per day, not including any unavailability that (i) results from JAGGAER maintenance communicated in advance or (ii) results from the poor performance of, or failure of, internet service or other outside service, software or equipment not within the control of JAGGAER (“Service Level Availability”). JAGGAER test and pre-production environments are expressly excluded from this or any other service level commitment.
Approach to resilience
JAGGAER ONE Purchase-to-Pay is implemented entirely within AWS. This allows the application to take advantage of a scalable, reliable and secure computing environment with a global presence. AWS follows an end-to-end approach to secure and harden their infrastructure, including physical, operational, and software measures. The primary production instance of JAGGAER ONE P2P Europe is deployed in the AWS EU-Central-1 region located in Frankfurt, Germany. The JAGGAER ONE P2P architecture takes full advantage of the inherent redundancy of AWS services and uses two unique availability zones to provide high availability for the application. It is important to emphasise that this high availability architecture takes advantage of multiple availability zones and data centres, greatly reducing the likelihood that an event within a data centre or specific to a data centre location could impact application availability.
Outage reporting
Outage reporting is via public dashboard at: https://www.jaggaer.com/service-support/uptime-report/

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication
JAGGAER ONE P2P supports single sign-on via SAML, LDAP, Central Authentication Service (CAS), and Shibboleth. JAGGAER ONE P2P supports multi-factor authentication for both basic authentication and single sign-on using a Time-Based One Time Password (TOTP). The solution supports TOTP via SMS message, e-mail or registered device using apps like Google Authenticator, Sophos or OTP Auth.
Access restrictions in management interfaces and support channels
Direct access to the Management VPC can only be achieved by first establishing a VPN connection with multi-factor authentication (MFA) and then traversing the JAGGAER AWS Direct Connect, a leased private communication link between the JAGGAER network and JAGGAER’s associated AWS VPCs. The Management VPC and the Production VPC are interconnected with a VPC Peer service which allows secure and controlled access between assets in each VPC.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Intertek
ISO/IEC 27001 accreditation date
04/04/2019
What the ISO/IEC 27001 doesn’t cover
The JAGGAER Information Security Management System (ISMS) is applicable to: Design and provision of JAGGAER Software as a Service and JAGGAER Application Appliance (JAA) solutions for enterprise supply management and spend management processes with related consulting activities and professional services.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • ISO/IEC 27018:2014 Protection of PII in public clouds
  • ISO 22301:2012 Societal Security
  • ISO 37001:2016 Anti-bribery

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
ISO/IEC 27018:2014 Information technology - Security techniques - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors.
Information security policies and processes
JAGGAER continually enhances the depth and breadth of our security policy in response to constantly evolving application features and technical standards. Over a decade of service delivery has provided JAGGAER with a solid foundation of “real” experience to develop and fine-tune our security policies at the highest levels in the market. We firmly believe that only a balanced combination of policies and technologies could effectively respond to the growing security requirements in delivering our services. The company has invested time and resources to ensure that appropriate policies are implemented, and suitable technologies are in place to deliver the most effective security protocols in the areas of Privacy, Authenticity, Integrity and Non-repudiation. JAGGAER has obtained relevant certifications from independent third parties including leading international providers of services for risk management. Our applications are subject to regular independent penetration testing and review. JAGGAER has also obtained the integrated ISO 27001:2013 Information Security, ISO/IEC 22301:2012 Business Continuity, and ISO/IEC 20000-1:2011 Service Management Certifications, which together formally specify a management system to guarantee data security, regulatory compliance and business continuity.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
JAGGAER maintains an ISO20000-1/ISO27001/ISO22301 Integrated System Configuration Management Plan. The Plan encompasses the following JAGGAER requirements: Business requirements (JAGGAER catalogued services). Internal requirements (JAGGAER internal SW and Network components). JAGGAER's Configuration Management Plan is established to ensure that there are sufficient resources and capabilities for both the implementation and maintenance of the evolving CI records. Major areas in scope include: IT infrastructure configuration (Business and Internal). Source Code configuration. Software Platform set-up and configuration. Web Services set-up and configuration.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
All components utilised in the JAGGAER ONE Purchase-to-Pay architecture are continuously monitored for patches and software updates, especially in the area of security subsystems. Patch notifications impacting any critical areas of the platform’s security architecture are implemented immediately. According to ISO27000-1 requirements, ISO policies are in place to maintain and improve the organisation's ability to face new & complex external threats.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
JAGGAER has deployed AWS load balancers and the AWS Web Application Firewall (WAF) service, allowing JAGGAER staff to deploy WAF rules for common exploits (updated automatically by AWS) and to write and deploy specific rules in minutes if required. Audit and event log information that is specific to both environment and application security is streamed to Splunk ES SIEM. This provides unique user access accountability to detect potentially suspicious network behaviours and/or file integrity anomalies or other security-related incidents that could occur. Information within the SIEM is secure and is actively monitored by the JAGGAER infrastructure team.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
JAGGAER maintains an ISO20000-1/ISO27001/ISO22301 ISMS Incident Management Procedure, and Communication Plan, available on request. Plan scope includes: Detecting an incident; Regular monitoring of an incident; Internal communication within the organisation, receiving, documenting and responding to communication from interested parties; Receiving, documenting and responding to any national or regional risk advisory system; Assuring availability of the means of communication during a disruptive incident; Facilitating structured communication with emergency responders; Recording of vital information about the incident, actions taken and decisions made, plus: Alerting interested parties potentially impacted; Assuring the interoperability of multiple responding organisations and personnel; Operation of a communications facility.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£120,000 an instance a year
Discount for educational organisations
No
Free trial available
No
