Source to Contract Technology
One integrated platform designed to seamlessly work together from day one
Our solution is the result of continuous organic development of one line of code and not a set of cobbled-together acquisitions.
Software as a Service
Scanmarket is built to be used. That is why we focus on you - succeeding with our product. Our solution is delivered as Software as a Service, making operations easy for you and your team.
- Patching and maintenance are handled by Scanmarket.
- Quick to set up and deploy.
- No application to install, users can access from any device with any modern browser.
- Easily scalable. We ensure high performance.
- Lower cost than regular on-premises setups.
Operations
Scanmarket is responsible for the operation of the hosted services and has procedures in place for:
- 24x7x365 monitoring, maintenance and correction of hardware and software
- Continuous patching and fixes
- Hardening of servers including monitored security suites.
- Scaling of the solution to ensure performance.
Backup
All data is backed up daily, with one weekly full-backup and daily incremental backups. Database transaction log files are backed up every 15 minutes.
The retention period for backups is 60 days.
Backups are stored in two separate AWS accounts, with completely segregated access, for disaster recovery purposes.
Hosting
Hosting of the Scanmarket eSourcing Platform is provided by Amazon Web Services (AWS).
AWS holds, among others, the following certifications:
- ISO 9001:2015 (Quality Management)
- ISO 27001:2013 (Security Management)
- ISO 27017:2015 (Cloud-Specific Security Controls)
- ISO 27018:2014 (Personally Identifiable Data Protection)
- CSA STAR Level 2 (Cloud Service Provider Security)
AWS is audited twice a year covering a 6-month period to attest that they meet the criteria of their security programs, following SOC2, type II auditing procedures.
AWS datacenters are built to the highest standards, with fully redundant power and cooling and strict access controls in place to ensure a very secure environment.
Data is stored in the following AWS regions, depending on your hosting needs:
- EU-WEST-1 (Dublin, Ireland) for our European platform
- AP-SOUTHEAST-1 (Singapore) for our Singapore platform
- AP-SOUTHEAST-2 (Sydney, Australia) for our Australian platform
Inquiries and questions regarding our hosting provider and their certifications can be addressed to infosec@scanmarket.com
Security
Information Security Management System
Scanmarket runs an extensive Information Security Management System (ISMS) based on the structure of the internationally recognized ISO/IEC 27001:2013. The ISMS is subject to continuous, systematic review and improvement.
Encryption
All data at rest is stored encrypted and all sensitive data is encrypted in the database. Each customer has their own unique encryption key which ensures one customer cannot access another customer’s data.
Data in transit is encrypted for all transactions. All encryption is performed using current industry standards.
Quality Assurance and Security Testing
Before any change is made in the Scanmarket strategic sourcing platform, the complete change is verified by highly qualified Quality Assurance Personnel ensuring highest possible stability and security in the application. The security testing includes, but is not limited to, testing against malicious requests and malicious input, including possible cross-site scripting attacks.
Penetration Testing
A yearly penetration test is performed by a qualified third party, and any findings are corrected immediately. The latest summary is available to customers upon request.
Application Security
All database access is performed through the ORM framework or a secure query engine, eliminating the risk of SQL injection attacks.
User input is generally encoded so it can be displayed safely. This protects against cross-site scripting or JavaScript injection attacks. Where the user is able to enter rich text input, the resulting mark-up is sanitized.
All requests are validated for correct rights before data is returned or modified.
Authentication
Scanmarket supports SAML2-based Single Sign-On, allowing your organization to remain in control of the authentication process.
We also offer a regular username & password-based login with the ability to configure password requirements, such as length, complexity and age.
Agile Software Development
Like many cloud-based software companies, Scanmarket employs Agile software development methods. Agile methodology is based on iterative, incremental development and enables rapid, flexible response to change.
Agile methods let us take what we learn and drive feature development to changing customer needs and market demands. Scanmarket’s Platform Development Team is able to deliver updates every 3 weeks, with dozens of new market and customer driven features - not simply patches and bug fixes.
The key components of Agile Software Development are:
- Inclusion of User Stories and personas in roadmap development so that the end product reflects the needs of the end users.
- Incremental development to roll out improvements rapidly in small packages rather than waiting for large, infrequent releases.
- Iterative development to make repeated changes to the same components as the development teams learn more about requirements.
- Team-based development groups so that the institutional knowledge remains with those who are involved over time.

"It's a platform that’s evolved ever since we implemented it. We have had lots of good dialogue with Scanmarket around what could be new interfaces we would like and new features. That means we can sit down and look at how we do things and how we work in the most optimal way."
Secure-Coding Practices:
Protecting your data is a constant focus point. Therefore, our Software Development Life Cycle procedures include:
- Manual code reviews
- Automated code scanning
- Security training for developers (OWASP)
Segregated Environments
Scanmarket has a testing and a staging platform that is 100% disconnected from the live servers, so no customer data is available on the test setup. All new features are tested, first on the test server and then on the staging server, before they are released into production.
"The tools are proving to be very successful, and simple to use"