Services for professional procurement. Be better informed, make better decisions
www.achilles.com

Solution Overview

Functional Overview

Achilles defines, collects, validates and shares supplier qualification information with our customers via an advanced and secure online platform. Our Supplier Management Services are used by around 800 of the world’s largest buying organisations to source and select suppliers that offer the products, services and standards they need.

The heart of our solution is a systematic supplier qualification programme with data capture through online questionnaires supported by rigorous validation through our assessment teams and qualified auditors. Our secure cloud-based platform then allows buyers to search for products and services and view validated compliance and risk assessment information on the associated suppliers.

Supplier qualification and risk management

We develop industry-specific communities around the qualification needs of our buyers, providing a range of services and benefits:

• Best-practice qualification standards agreed by the industry
• Fully managed supplier data capture and validation
• Systematic risk management and compliance
• Supplier data consolidation on a single platform
• Advanced online search and filter functionality
• Access to new pre-qualified suppliers
• Risk management information for stakeholders

With our Supplier Management Service you know that all existing and prospective suppliers you access in the community have gone through the same rigorous process of validated qualification. We reflect your policies and standards in the supplier qualification process – driving consistency and compliance across your purchasing activities.

Comprehensive sector-specific qualification

Our qualification questionnaires (and audit programmes) are configured around the risk management requirements of industry-specific sectors.
Typically they cover the following supplier criteria:

• General company data
• Products & Services
• Finance
• Insurance & Legal
• CSR & Sustainability
• Health & Safety
• Environment
• Quality standards

Additional modules are available to provide more detailed supplier qualification across areas of specific interest to your industry sector community:

• Financial analysis
• CSR / Sustainability
• Carbon reduction
• Multi-tier supplier visibility

Many community sectors include audits as part of their supplier qualification process. The audit programmes align with the qualification questionnaire criteria, giving enhanced validation through on-site assessments.

Supplier sourcing and procurement tools

Our secure cloud-based platform allows you to search for products and services and view validated compliance and risk assessment information on the associated suppliers. A range of standard and optional online tools are available to help you work with our data in your supplier management and sourcing activities. Unlimited user licences mean buyers in multiple locations can access the platform to drive process consistency across an organisation’s procurement function.

Search, filter, compare and report

You can search for suppliers by name or by the type of product and service you require. A range of filter criteria can be used to target your search or to refine results to those who meet your specific needs:

• Products / Services
• Region of supply
• Quality
• Health & Safety
• Registration level
• Internal Qualification
• Environment
• Audit & assessment

You can save search criteria to re-use on regular sourcing events and use your search results to run additional qualification and RFI activities from the Achilles platform. A comparison tool lets you assess selected suppliers against key criteria to prioritise, short-list and export to other formats. Our system saves and records results to provide an auditable trail for evidence of policy and process compliance.

Track specific products, services and suppliers

Our Buyer Alerts capability lets you track data updates and status changes for any suppliers or product codes you select. This can support specific sourcing events or scenarios where you have responsibility for managing a roster of vendors or group of products.

Scoring supplier profiles and attributes

Our model allows you to apply a score to any supplier data held on our platform. The scoring model is configurable and weighting can be applied to reflect criteria of the greatest importance to your business. The scores for each supplier can appear in your search results and be used to prioritise, qualify, compare and benchmark suppliers.

Add your own qualification criteria and policies

To supplement our core Achilles qualification data, the Internal Qualification (IQ) module allows you to record, assess and score individual suppliers against your own criteria and share this across your organisation. You can add documents, data and comments from multiple sources (including Achilles) and apply a qualification score or status to suppliers. Your IQ scores / rules can be displayed in search results and, if required, you can restrict or filter searches to only display suppliers that have satisfied your IQ standards.

Assess suppliers for specific contract opportunities

Our Additional Questions (AQ) module is an online RFI tool for assessing supplier capability to provide specific products or services. You define questions and response types, targeted suppliers and closing dates. The module tracks, scores and compares responses and allows you to qualify or non-qualify suppliers in single or multi-round events. AQ stores each event for re-use, reference or as an auditable record.

Secure 2-way supplier communication

An optional feature provides secure, private online communication between buyers and suppliers. This provides effective to demonstrate compliance with regulation or company policies.

Review, monitor and improve supplier performance

In addition to our suite of tools to support supplier qualification and risk management at the sourcing stage, we also provide solutions for managing existing contracts and vendor relationships.

Our Performance Feedback module provides an online framework and process to help you review, rate and develop existing supplier performance:

• Supplier continuous improvement programmes
• Supplier issue resolution
• Future contract planning and consideration

We provide an established set of criteria to assess and score a supplier’s performance against. The module produces a detailed report that’s specific to you and a high-level score on the supplier that can be shared across our platform. As an Achilles community member you’ll also be able to review potential suppliers based on the performance scores they receive from other buyers.

Non-Functional Overview

Achilles has aimed to achieve a number of non-functional requirements based on customer requirements and expectations. These characteristics are split into four broad categories: resilience, security, usability, and scalability.

The solution provides a resilient service based on good architectural decisions, deployment onto appropriate infrastructure and applying best practices in processes and procedures. Computing power and data storage are spread across several nodes to cope with any small number of individual failures. Large-scale disasters are mitigated using multiple data centres in different geographic locations.

Security is a major concern. Achilles has addressed those concerns by focusing on confidentiality, integrity, and availability. Achilles ensures that checkpoints are in place from design through to implementation and operation. Regular reviews are undertaken as part of Achilles’ commitment to its customers. Achilles has accredited its system to ISO 27001 standards and continues to improve its processes to reduce threats and identify vulnerabilities.

The Achilles platform is available to diverse business sectors across the globe and is suitable for people with different skills and abilities. Taking guidance from user experience experts and adopting accessibility standards, the platform is open to all users.

Flexibility to rise and fall with demand is key to achieving a successful service. Elastic capacity is built into the architecture of the Achilles platform using community components that can quickly be provisioned and released based on customer activities.

Open standards usage

The service incorporates and adheres to several open standards, including HTML and ECMAScript.

Open source software usage

As part of the service's delivery there is usage of open source software, including:

• jQuery: JavaScript library for web pages
• Couchbase: Although Achilles uses the commercially supported Couchbase product, the Couchbase database is also available as an open source project under an Apache License.

Information assurance

Achilles has achieved ISO/IEC 27001:2005 in relation to procurement support services which include the development, operation and management of online supplier information services, prequalification and validation systems. This achievement demonstrates Achilles’ assurance to the secure and appropriate management of information held within the system.

Achilles will undertake a programme of work to engage with PGA to become accredited to business impact level IL1/2 in order to further demonstrate Achilles’ commitment to information security.

Backup and disaster recovery

The platform strategy for backup is based on taking snapshots of the nodes within the systems and copying those images to different locations. Snapshots of the system are taken four times each day at regular intervals. The backup schedule keeps a week’s worth of snapshots at the Data Centre in readiness to restore the system to a previous state.
The capacity of twenty-eight sets of snapshots is managed using round robin, so only the latest copies are kept with the Infrastructure as a Service (IaaS) provider. All snapshots are copied from the cloud and stored at Achilles’ on-premise Data Centre.

The platform strategy for Disaster Recovery is based on multiple copies of data and services across different Data Centres. The Achilles platform is based on an “eventually consistent” data model. The temporary loss of a Data Centre is anticipated and addressed by the technology choice of the data repository. Disaster Recovery procedures are in place to recover from a loss of a Data Centre. During an outage, requests for services will be automatically directed to one of the remaining Data Centres using Akamai’s solution to adapt to network conditions. Once the Data Centre has been decommissioned, data updates are automatically replicated from the unaffected Data Centre.

On-boarding and off-boarding processes

Achilles’ customers are divided between the Buying organizations, who wish to search for qualified suppliers, and the Supplier organizations, who want to be listed in the directories searched by the Buyers.

The Buyers are onboarded individually and their data and initial user configuration are delivered by Achilles. Once a Buyer is onboard they provide lists of suppliers they wish to have onboarded into the system. This data is often incomplete, out of date, and inaccurate. Each Buyer’s list of suppliers is often presented in slightly different ways, as they may have different supplemental information they wish to record against their suppliers (e.g. alternative or multiple ERP identifiers for the Buyer’s internal systems).

The lists of suppliers are cleaned up sufficiently to allow the identification of a contact user in the organization to be invited. A communication, usually via email, is then sent to the contact user and they are invited to complete a registration process.
The registration process includes enough questions to ascertain if the supplier needs to complete a more detailed questionnaire, and if they will require any additional audits to validate their claims.

The Supplier owns the data they enter into the system. The Buyer is permitted to search that data in order to identify Suppliers who best meet their requirements.

If a Supplier wishes to leave the system then we can remove their data from the system, unless we are required by regulatory obligations to retain that data for longer. Once any such regulatory restriction has expired, however, we can delete data from the system. This would remove any data that the Supplier owned in the system. We may retain some details provided by other parties about the supplier (particularly any ERP identifiers that a Buyer may have submitted to us as part of the list of suppliers they initially passed to us – this allows us to explicitly track that an organization provided by a Buyer has asked to be deleted as opposed to having not been appropriately onboarded by Achilles).

The same process can be followed for a Buyer organization; generally a Buyer organization can be completely removed – once again, barring any regulatory restrictions. It is not possible to delete commercial records relating to subscription or other fees which have been paid to Achilles.

Service Management Details

Service constraints

The Achilles platform is modular in design: each customer selects the features and components that suit their needs. Customers can request additional features or alterations to existing features, which can then be assessed and analyzed prior to consideration for the service roadmap. Customers are kept informed of new features being introduced and how they could take advantage of them.

The Achilles platform has been designed so that functional changes can be made without the need for downtime.
Introducing new features to a selected audience can be achieved while the other tenants remain on existing features.

Service Levels

The System Production Environment (Customer facing) will be maintained online with a total availability of 98.5% per 12-month period, excluding Planned Maintenance windows as per section A1 below, subject to the following:

A1 Planned Maintenance

The System production environment may be taken offline for regular planned maintenance as required, which will be scheduled during weekends, any time between 08:00 Saturday and 16:00 Sunday GMT/BST. Time zones stated are Greenwich Mean Time/British Summer Time as per applicable UK local time.

A2 Unplanned Maintenance

Unplanned Maintenance consists of critical or emergency maintenance which out of necessity must be scheduled outside of Planned Maintenance windows. Wherever possible this will be carried out between the hours of 21.00 to 23.00 GMT/BST (as per applicable UK local time). Achilles will endeavour to notify Customer in reasonable time ahead of any such Unplanned Maintenance.

Technical requirements

Deployment

Achilles’ systems are hosted on resilient cloud-based architecture to minimise risks of downtime. This service is provided through Savvis – a top tier Infrastructure as a Service (IaaS) provider recognised as being within the Gartner Magic Quadrant. More details can be found at www.savvis.com or www.savvis.co.uk.

The Achilles platform is deployed to a public cloud for general access by customers. Additional communication channels to dependency services (e.g. financial information from Equifax or data replication between Data Centres) are restricted using standard infrastructure solutions such as VPN or network traffic restrictions via firewall configuration.

Part of the service's benefit is that the system scales horizontally – allowing for the rapid addition of more compute, storage, or network resources as demand dictates, and also allowing for the reduction of such consumption if the demand is not present.

Client software

The Achilles service is accessed through an internet browser and email client. No restrictions are placed on the type of email client used by the customers. The web sites are modern with rich UI features. The web sites are tested for usability with the following minimum browser versions:

• Internet Explorer 6+
• Firefox 3.5+
• JavaScript to be enabled on all browser variations

Response Times

The minimum supported internet connection is 512 Kbps. The Achilles platform is developed to deliver a user request response time of less than 2 seconds – however, this can be highly dependent upon the speed of the user’s internet connection.

Data Exchange integration with customers

The Achilles platform provides customer interfaces for system integration. The mechanism to transfer data is based on open standards (XML and CSV formats) over secure channels. Customers that wish to take advantage of these services shall be provided with full technical details and assistance to prepare their solution.

Data Exchange can be a two-way communication channel whereby Achilles can receive bulk updates from a customer as well as provide bulk extracts from our database. Achilles has the capability of configuring data exchange to suit the requirements of the customer.

Service Dependencies

The Achilles platform relies on a number of external services. Supporting services that are best served by specialists in their field are incorporated into the platform to provide a coherent solution.

The first type of external data service is for company and financial services. The Achilles platform may interact with financial services to augment data it gathers from the customer. For example, Dun & Bradstreet provide valuable company information.
The list of external services available to the solution is adjusted over time to suit the needs of the customer. The addition of these types of services is controlled by the customer; they are not automatically added to the customer’s subscription to our service.

The second type of external service is payment. As a subscription-based solution, Achilles defers the collection of payments to a specialist SaaS provider. Metratech Corporation (www.metratech.com) provide billing and subscription services to manage customer accounts and payments. All financial information is secured within Metratech’s SaaS solutions, which meet all commercial regulations for security and data protection.