ADB (UK) Limited


Catalogue management to deliver high quality, validated catalogue and contract data directly to a procurement system/ERP


  • Established and mature supplier database
  • Fully cloud based UK hosted
  • Large data pool of products, eClass, GTIN/GDSN, PPIB, etc.
  • Formatted data for automatic uploads/downloads
  • Data format to suit your requirement
  • Full audit trail
  • All catalogues undertake full procurement process
  • Market Testing


  • Organisation specific pricing always up to date
  • All catalogues comply with current rules and regulations
  • Minimise invoice queries
  • Always buy at the best price available
  • All catalogues as contracts - no price lists
  • Meet Carter requirements


£15000 to £100000 per unit

  • Education pricing available

Service documents


G-Cloud 11

Service ID

9 5 2 0 4 9 3 1 9 5 2 2 0 9 2


ADB (UK) Limited

Steven Quinn


Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Cloud deployment model
Public cloud
Service constraints
System requirements
Requires web browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
Monday to Friday 8.30am to 5.30pm
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Onsite support
Support levels
A dedicated account manager is provided, who will be the first point of contact and take overall responsibility for the customer’s account. This includes, but not limited to:

 Training requests
 Change requests and product feedback
 Reporting and reviewing service levels
 Bespoke reporting

Refer to Service Definition
Support available to third parties

Onboarding and offboarding

Getting started
Our approach is to complete implementation in a timely and efficient manner, so that the customer retains momentum towards their desired goals. Typically we are able to complete implementation as follows:

Maximum implementation period: 5 working days

Includes: Portal set-up and branding, user set-up, supplier matching and initial training onsite, online and all documentation
Service documentation
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
We have experience migrating to third party solutions. We typically provide customer data in CSV or XLS formats, within 5 workings of it being request.

Refer to Service Definition.
End-of-contract process
Refer to Service Definition.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Service interface
What users can and can't do using the API
RESTful and SOAP
API documentation
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Customisation available
Description of customisation
Refer to Service Definition


Independence of resources
UK hosted scalable on demand via contract with UK Fast


Service usage metrics
Metrics types
Refer to Service Definition
Reporting types
  • API access
  • Real-time dashboards
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data export formats
  • CSV
  • Other
Other data export formats
Data import formats
  • CSV
  • Other
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
 99% uptime at all times on Working Days (including outside of Working Hours);
 Downtime is recorded from the time the Incident is logged via the Help Desk;
 Downtime shall end when a resolution or suitable workaround is provided the satisfaction of the Customer;
 Downtime relating to failure of Customer infrastructure shall be disregarded;
 The Service availability percentage shall be calculated as (Working Hours in the Quarter/Downtime Hours in the Quarter) x 100

Refer to Service Definition
Approach to resilience
Available on request
Outage reporting
Email alerts.

Identity and authentication

User authentication needed
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
Access restrictions is covered within our Information Security Management process, available upon request.
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
1 August 2017
What the ISO/IEC 27001 doesn’t cover
Not applicable
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
ISMS is the Information Security Management System, of which the Information Security Manual (‘the Manual’) and other supporting and related documentation are a part, and which has been designed in accordance with the specification contained within ISO27001.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
This is covered within our Information Security Management System, further information available upon request.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Vulnerability management is covered in our Information Security Management process, available upon request.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Protective monitoring is covered within our Information Security Management process, available upon request.
Incident management type
Supplier-defined controls
Incident management approach
Incident management is covered within our Information Security Management process, available upon request.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£15000 to £100000 per unit
Discount for educational organisations
Free trial available

Service documents

Return to top ↑