ADB (UK) Limited


Catalogue management to deliver high quality, validated catalogue and contract data directly to a procurement system/ERP


  • Established and mature supplier database
  • Fully cloud based UK hosted
  • Large data pool of products, eClass, GTIN/GDSN, PPIB, etc.
  • Formatted data for automatic uploads/downloads
  • Data format to suit your requirement
  • Full audit trail
  • All catalogues undertake full procurement process
  • Market Testing


  • Organisation specific pricing always up to date
  • All catalogues comply with current rules and regulations
  • Minimise invoice queries
  • Always buy at the best price available
  • All catalogues as contracts - no price lists
  • Meet Carter requirements


£15000 to £100000 per unit

  • Education pricing available

Service documents


G-Cloud 11

Service ID

9 5 2 0 4 9 3 1 9 5 2 2 0 9 2


ADB (UK) Limited

Steven Quinn


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to ECataloguing
Cloud deployment model Public cloud
Service constraints No
System requirements Requires web browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Monday to Friday 8.30am to 5.30pm
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels A dedicated account manager is provided, who will be the first point of contact and take overall responsibility for the customer’s account. This includes, but not limited to:

 Training requests
 Change requests and product feedback
 Reporting and reviewing service levels
 Bespoke reporting

Refer to Service Definition
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Our approach is to complete implementation in a timely and efficient manner, so that the customer retains momentum towards their desired goals. Typically we are able to complete implementation as follows:

Maximum implementation period: 5 working days

Includes: Portal set-up and branding, user set-up, supplier matching and initial training onsite, online and all documentation
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction We have experience migrating to third party solutions. We typically provide customer data in CSV or XLS formats, within 5 workings of it being request.

Refer to Service Definition.
End-of-contract process Refer to Service Definition.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices No
Service interface No
What users can and can't do using the API RESTful and SOAP
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Refer to Service Definition


Independence of resources UK hosted scalable on demand via contract with UK Fast


Service usage metrics Yes
Metrics types Refer to Service Definition
Reporting types
  • API access
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach CSV or XLS
Data export formats
  • CSV
  • Other
Other data export formats XLS
Data import formats
  • CSV
  • Other
Other data import formats XLS

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability  99% uptime at all times on Working Days (including outside of Working Hours);
 Downtime is recorded from the time the Incident is logged via the Help Desk;
 Downtime shall end when a resolution or suitable workaround is provided the satisfaction of the Customer;
 Downtime relating to failure of Customer infrastructure shall be disregarded;
 The Service availability percentage shall be calculated as (Working Hours in the Quarter/Downtime Hours in the Quarter) x 100

Refer to Service Definition
Approach to resilience Available on request
Outage reporting Email alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels Access restrictions is covered within our Information Security Management process, available upon request.
Access restriction testing frequency At least once a year
Management access authentication 2-factor authentication

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 ISOQAR
ISO/IEC 27001 accreditation date 1 August 2017
What the ISO/IEC 27001 doesn’t cover Not applicable
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes ISMS is the Information Security Management System, of which the Information Security Manual (‘the Manual’) and other supporting and related documentation are a part, and which has been designed in accordance with the specification contained within ISO27001.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach This is covered within our Information Security Management System, further information available upon request.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Vulnerability management is covered in our Information Security Management process, available upon request.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Protective monitoring is covered within our Information Security Management process, available upon request.
Incident management type Supplier-defined controls
Incident management approach Incident management is covered within our Information Security Management process, available upon request.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £15000 to £100000 per unit
Discount for educational organisations Yes
Free trial available No

Service documents

Return to top ↑