for the Government e
Market Place II Tender
High Level Requirement
Purchase and Payment; light system.
Catalogue and Buyer set up/configuration
requisition incorporating catalogue search and selection and workflow approvals;
Purchase Order auto
creation and distribution;
Direct links to supplier Sales Order Processing (SOP) systems e.g. via XML;
alone payment capability e.g. built in card p
Electronic invoice handling including “PO flip” and bulk invoice upload via supplier portal and or
Receipting functionality and invoice match (2/3way).
matching of invoices
AP output for upload into end user finance
The GSI Hub is a transaction system embedded in the GSI network that enables the passing of data (step
up and step
down) between the Internet and the GSI.
This system must be accredited at IL3 (RESTRICTED) and authorised to connect to GSI for pa
Government use by the GSI AWG (with CESG representation). It is accredited by Cabinet Office.
Hosted catalogue management services with appropriate security and resilience;
Search and compare functionality via intuitive interface i.e.
basket comparison over multi
Electronic Request for Quotation (e
RFQ) tools allowing real
time competitive activity for both
catalogue and non
catalogue items within defined financial limits (higher value items will require
formal tendering proc
esses to be employed via eSourcing tools).
real time inventory management; punch out.
Ability to assign views and permissions across users; Organisations; local and global.
Content/ Content management
Content (data) management services incorporating capability to handle
complex products and services;
rich data content with live links to external data from suppliers;
automated tools enabling robust and efficient data management processes for buyers;
a mapping functions
alignment of data to identified standard categorisations
[UNSPSC} and multi
level (user, department, organisation) flags to identify
preferred/restricted suppliers, products or categories.
Supplier catalogue updates workflow.
on process workflow; proof workflow [copy for approval].
validation workflow; content data sharing.
boarding / registration workflow;
upplier “rating” capability with links to supporting validation
i.e. certificates; reports;
Self supplier set up; configuration;
upport of supplier interfaces;
ulk loading and support;
DUNS registration link [DUNS standard supplier identification code]
Mail shots; advertising; supplier engagement capability
Integrated / non
Integration capabilities utilising industry standard technologies (e.g. Open Interface);
Stand alone system and workflows with capability to upload payment file directly into end user
finance systems for
Modular provision of functions and services allowing a flexible take
up based on individual
Integration needs to be quick/flexible and affordable.
Standard suite of reports based on end user require
; spend; product; transaction [including
RFQ]; contract ; supplier; customer; end user; permissions; combination of many; all.
hoc reports as requested;
Identification and reporting of SME’s; by UNSPSC; by supplier/DUNS.
Flexible query and
Provide overview; dashboard by any /all combinations;
Export to CSV; XML
Local and global views; controlled views and permissions. Aggregation of data across families;
Capability to record transactions against the list of contracts to facilitate reporting on “Spend
Backward compatible to IE6 / Oracle 11
Integration to other systems i.e. Contracts Finder (or its replacement) Dunn and
eSourcing systems (e.g. Emptoris / BravoSolution)
Jointly agreed development roadmap and processes
RFC; upgrades; identified release dates etc.
First line support service and helpdesk with agreed KPI’s
Please see a
ttached appendix which outlines the current security requirements which will be
necessary from contract start.
Security Requirements for Government eMarketplace Provision
The security accreditation requirements for the Government
eMarketplace were initially developed as part of the risk assessment undertaken prior to the
process of letting the original Framework Agreement. They have been further modified and developed during the life
time of the contract in response to
in HMG Security Policies and the requirements of the existing user community who have their own particular needs i
Police Forces and NHS
At the heart of these requirements is the ability to pass data securely into and out of a number of
secure Government networks including GSi, CJX, N3 and
Due to the on
going security requirements for any replacement system and the exit arrangements within the current Framework Agreement, any
service provider must be able to demonstrate t
hat they can provide equivalently accredited services to the current service provider (ProcServe).
he timescales for a new service provider to achieve the necessary levels of accreditation for these systems is
likely to be,
lengthy with the current estim
being that this
ould take a service provider a minimum of 18 months
Systems and Associated Accreditations
Whilst the main Government eMarketplace platform must be accredited at
there are a number of peripheral systems that are required to
deliver the full Government eMarketplace functionality. These are listed below along with their security accreditations:
The GSI Hub is a transaction system embedded in the GSI networ
k that enables the passing of data (step
up and step
down) between the Internet and the
This system must be accredited at
and authorised to connect to GSI for pan
Government use by the GSI AWG (with CESG representation).
It is accred
ited by Cabinet Office.
The CJX Hub is a transaction system embedded in the GSI network that enables the passing of data (step
up and step
down) between the Internet and CJX
via the Public Sector Interconnect (PSI). This system must be accredited
and its authorisation for connection into CJX is provided by the
Police National Accreditor and to GSI by GPS and CESG
The N3 Hub is a transaction system embedded in the N3 network that enables the passing of data (step
down) between the Internet, NHS N3
network and the Public Sector Broadband Aggregation network (Welsh WAN). This system must be accredited at
and its authorisation for
connection into N3 is provided by the N3 PSI Change Board
GSI by GPS and CESG
(Communications Electronic Security Group).
NHS Supply Chain Secure Channel
The NHS Supply Chain Secure Channel is a transaction system embedded in the N3 network that provides a secure network solutio
n to integrate with NHS
ain systems which can only operate with
. This system also provides HMRC compliant e
invoices for use within the NHS
The XML Firewall is a system to provide inspection of data for malicious content and also st
ructural integrity checks on data passing through all of the above
platforms plus the Government eMarketplace core IL2 system. This is a new requirement to align to the CESG Architectural Patt
“Data Import between
Security Domains Issue 1, September 2
011”. This system must be accredited at
and is required for assurance purposes to support the
connection via CJX provided by the Police National Accreditor and CESG into Police Force Finance systems operating at
IL2, 3 and 4
Due to the nature of the security accreditation of the system, this requires that staff at the service provider and their ass
contractors with access
to the system and/or documentation require the following security clearanc
with access to any part of the Government eMarketplace system or documentation requires a minimum of
Any staff designated as a Super User including Application Support, Helpdesk, Implementation Consultants, Developers, Securit
y Officers and any
MIS Users with access to more than one Buying Organisations data will require a minimum of
ff with access to the Police implementation on Government eMarketplace and its associated data must have both an
NPPV L3 clearance and
date FCO issued L2 (SC) clearance
Current estimates are that it would take a servi
ce provider that already has the knowledge of how to implement such systems, a minimum of 18 months to
achieve the required accreditation standards and staff clearances if these are not already in place. These estimates are base
d upon the timescales taken
accredit the existing service provider’s systems which included the following activities:
Initial design submission and approvals by GSI AWG, Police National Accreditor and N3 Change Board and CESG IA teams
Production and approval of associated RMADS d
Development, system and security testing and transfer to live operations
Formal submission and approval of security accreditation
Formal residual risk assessments by
and NPIA CLAS Consultants