eSourcingData — Wales Source-to-Contract Procurement Software
Security · UK Data · Public Sector Ready

Due diligence documentation for IT, legal and procurement teams.

UK public bodies, NHS trusts, central government, housing associations and enterprise buyers all require robust security and compliance credentials before agreeing to a pilot or purchase — and Welsh public bodies need WPPS and Audit Wales evidence on top. This page provides the information your IT, legal and procurement teams need in one place, no NDA required.

For additional documentation — penetration test reports, data processing agreements, security questionnaire responses, Cyber Assessment Framework (CAF) mappings — contact us directly. Most security packs returned within 5 working days.

Request security documentation

Cyber Essentials Plus

In progress

ISO 27001

Roadmap 2026

GDPR Compliant

ICO registered

UK Data Residency

All data UK-hosted

PA23 Ready

Full Act coverage

WPPS Ready

For Welsh public bodies

Platform security

Architecture and data protection

Data residency

All data stored on UK-based servers

No data transferred outside the UK or EEA

Data centre locations: London and Manchester

Redundant storage with automatic failover

Encryption

All data encrypted at rest (AES-256)

All data encrypted in transit (TLS 1.3)

Evaluation scores and tender documents encrypted at row level

Supplier submission data isolated per procurement

Access control

Role-based access control throughout

Multi-factor authentication available

Session management with automatic timeout

Full user activity logging per organisation

Infrastructure

Hosted on enterprise-grade cloud infrastructure

99.9% uptime SLA

Automated daily backups with 30-day retention

Disaster recovery with 4-hour RTO

Penetration testing

Annual penetration testing by qualified third party

Most recent test: available on request

Critical findings: zero in last assessment

Vulnerability disclosure policy in place

Incident response

Documented incident response procedure

72-hour breach notification (GDPR compliant)

Designated Data Protection contact

ICO registration confirmed

Procurement Act 2023 compliance

How eSourcingData addresses every PA23 obligation

Every requirement listed below is built into the workflow — not a manual checklist. Welsh-specific obligations under WPPS are covered alongside; see the Welsh public sector hub for the full breakdown.

Pipeline Notices (contracts over £2M)

Automated — system prompts at correct threshold, generates and publishes to FTS

Tender Notice publication on Find a Tender

Automated — published simultaneously with portal release, no manual FTS submission

Contracts Finder publication

Automated — all above-threshold contracts published automatically

Competitive Flexible Procedure

Supported — configurable multi-stage workflows with negotiation and presentation stages

Transparency Notices (modifications, terminations)

Prompted — system flags when a transparency notice is required and generates draft

Award Notice within 30 days

Automated — draft generated on award decision, published after standstill

Standstill period (8 working days)

Automated — clock started, all suppliers notified, contract execution blocked until expiry

Debrief letters to unsuccessful suppliers

Generated — templated debrief letters with score breakdown, sent automatically

Social value in selection criteria

Built in — configurable social value weighting in evaluation, delivery tracking post-award

Conflict of interest declarations

Built in — evaluators declare conflicts before accessing submissions

Procurement monitoring obligations

Dashboard — portfolio view with status, deadlines and compliance flags

Document retention (7 years)

Automated — all records retained with immutable audit trail, exportable on request

Sell2Wales publication (Welsh bodies)

Automated — bilingual notices published simultaneously with FtS / Contracts Finder

WPPS principles capture & reporting

Built in — community benefits, fair work, Welsh SME, foundational economy, Net Zero Wales tracked notice-to-delivery

Welsh Language Standards

Bilingual notices live; bilingual supplier portal; Welsh-language buyer workflow on roadmap

Audit Wales scrutiny pack

One-click — cabinet, board and Audit Wales review-ready reports from live data

GDPR & data processing

Data protection by design

Lawful basis

All personal data processing is conducted on a lawful basis under UK GDPR. Processing activities are documented in our Record of Processing Activities (ROPA). Available on request.

Data subject rights

We support all data subject rights: access, rectification, erasure, restriction, portability and objection. Requests are responded to within 30 days. Contact info@esourcingdata.com.

Data processors

All sub-processors are documented, EU/UK adequacy decision covered, and subject to data processing agreements. Processor list available on request.

Breach notification

We have documented procedures to detect, report and investigate breaches. ICO notification within 72 hours where required. Affected individuals notified without undue delay.

Need documentation for your IT or legal team?

We provide security questionnaire responses, data processing agreements, penetration test summaries and architecture documentation on request.

Request documentation