Payments and Cash Management Automation Software
The AccessPay platform enables organisations to securely connect their back-office systems (ERP, Treasury Management System, Payroll System) to UK (Bacs, Faster Payments, CHAPS) and International (SWIFT, SEPA) payment schemes. Enhanced workflows and role based profiles mean that payment approval and submission can be controlled centrally and processes enforced.
Features
- Bacs Approved Payments Software
- Direct Debit Collections
- Bacs Approved Bureau Software
- Secure Integration
- Multi-bank connectivity
- International Payments
- Secure Access
- Enhanced Workflows
- Automated bank statement retreival & visualisation
- Reporting & Alerting
Benefits
- Automated payments direct to scheme
- Easily manage high volumes of direct debits
- Easy, centralized management of local government payroll
- Remove risks of fraud associated with manually processing payment files
- Remove complexity associated with generating bank compatible payment files.
- Centralise and control cross-border payments
- Only approved staff are able to access critical payment data
- Systemic enforcement of processes and control
- Fast access to cash position data across your banking estate
- Receive alerts notifying you of significant cash movements
Pricing
£1,200 a licence a year
- Education pricing available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
1 1 1 3 3 5 3 4 5 4 4 9 1 3 3
Contact
AccessPay
Charles Haworth
Telephone: +44 (0) 161 250 7778
Email: charles.haworth@accesspay.com
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- ERP, CRM, Payroll and Treasury Management Systems.
- Cloud deployment model
- Public cloud
- Service constraints
- N/A
- System requirements
- Modern Browser - Chrome, Edge, Firefox, Safari, etc..
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
We have a 15 min SLA to respond to new queries
SLA's for tickets are tiered according to severity and business impact. - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
-
There is a live chat widget embedded in the platform that allows users to open a live chat window.
Through the live chat window users are able to start a live chat with an AccessPay support representative to ask questions or start a support ticket, raise a support ticket directly or speak with a representative about upgrading their account and adding extra features. - Web chat accessibility testing
- N/A
- Onsite support
- No
- Support levels
-
AccessPay service hours are Mon-Fri 08:00 - 18:00 with extended hours to 22:30 for Priority 1 incidents.
Support incidents are assessed and categorised against standard levels, which as follows;
P1 Urgent: Incident resulting in entire production system being down with critical or major business impact.
P2 High: Incident resulting in inability to complete specific processing, with no viable workaround.
P3 Medium: Incident resulting in inability to complete specific processing, but a workaround does exist to allow said processing to complete.
P4 Low: Cosmetic or minor issue, minor or no business impact.
Target Resolution Times are as follows;
P1 - Urgent: Response SLA - 15 mins | Target Resolution: 2 hours | Escalation to Management: Immediate | Escalation to CTO: Immediate | Update Frequency: 30 mins
P2 - High: Response SLA - 30 mins | Target Resolution: 4 hours | Escalation to Management: 1 hour | Escalation to CTO: 2 hours | Update Frequency: 1 hour
P3 - Medium: Response SLA - 1 hour | Target Resolution: 24 hours | Escalation to Management: 4 hours | Update Frequency: 2 hours
P4 - Low: Response SLA - 1 working day | Target Resolution: 5 working days | Escalation to Management: 4 days - Support available to third parties
- No
Onboarding and offboarding
- Getting started
-
Every new AccessPay client is given a dedicated implementation consultant to guide them through the onboarding process. The onboarding process itself consists of three milestones;
1. Discovery - Define roles and responsibilities (Client, AccessPay, Bank), establish governance, collect data and sample files.
2. Build - Complete file transformations, Set-up users, Configure workflows, Set-up file configuration.
3. Test and Go-live - File testing with banks and connectivity testing, Training (on-site or webinar), Client UAT with bank(s), Client penetration testing
Typical project governance and communication cadence;
- Weekly progress call
- Weekly progress reports
- Increased frequency of calls and updates during testing and go-live
- Full handover to live - Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- In the event that a client cancels their contract the data will be securely erased. If a copy of the data is required this will be in .CSV format and will not be chargeable unless otherwise described in the clients contract.
- End-of-contract process
- Customers that wish to cancel their subscription with AccessPay must do so in writing 30 days before the annual renewal date. The request to cancel can be made to either of the Service Desk, our Finance team or directly with your Customer Success or Account Manager. Once acceptance of the request to cancel has been confirmed by AccessPay, removal of access for all client users will be initiated at a date agreed by both parties. Requests to extract data will not be chargeable unless otherwise described in the clients contract. AccessPay will reply to the data export request as per GDPR and will answer the client request within 30 days of receipt.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
AccessPay is a reactive browser based solution.
When accessing the platform website through a mobile device users are limited to the dashboard and the approval function. - Service interface
- No
- User support accessibility
- None or don’t know
- API
- Yes
- What users can and can't do using the API
-
The AccessPay External Web API supports server-to-server interactions such as those between an ERP system and an AccessPay service.
All Schemes (Bacs, FPS, Swift and Host-to-Host) are supported.
The AccessPay Open API supports payment initiation, either through bulk files or via single or bulk submission in a JSON payload, as well as updates on payment statuses.
It also allows for access to balance and transaction information from underlying banks and collection of reports from the BACS scheme. - API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
The AccessPay platform can be customised in the following ways;
Payments Automation (UK and International Payment Schemes);
- Role based profiles
- Workflow rules that segregate user duties within the software (create workflows by payment type, eg payroll and by area, eg Schools payroll with designated submitters and approvers in each).
Cash Management Automation;
- View cash balances by currency, region, division, bank, or any grouping determined by you.
In each instance it is the Administrative users who have the ability to add and remove users, create new workflows and alter role profiles.
Scaling
- Independence of resources
- AccessPay aim to provide a service level availability of up to 99.5% for the service hours of your support contract .
Analytics
- Service usage metrics
- Yes
- Metrics types
-
AccessPay provide the following metrics as part of our customer success progamme;
- Active users
- Transaction volume and value throughput reports
- Usage reports
- Service availability reports
- Incident management performance - Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Physical access control, complying with another standard
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
-
Users with the appropriate permissions can download uploaded transaction files from the AccessPay portal once logged in.
Through the Audit function users are also able to run and export audit reports such as File Journey, User Access Monitoring, User Permissions, Admin Changes and a full Transaction report. - Data export formats
-
- CSV
- Other
- Other data export formats
- XSLX
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- ISO 20022 - Pain.001
- ISO 20022 - Pain.008
- BACS Standard 18
- Excel
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
AccessPay aim to provide a service level availability of up to 99.5% for the service hours of your support contract (see Section 2 Service Hours), with the exception of:
• Agreed routine maintenance windows
• Scheduled downtime
• Disruption / outages beyond the control of ACCESSPAY Systems
Service availability is calculated monthly using our automated monitoring. - Approach to resilience
- Available on request.
- Outage reporting
-
In the event of service outage, AccessPay will notify the clients stated business and technical contacts via email at the intervals outlined below according to the incident priority levels;
P1 - Urgent: Every 30 mins
P2 - High: Every 1 hour
P3 - Medium: Every 2 hours
P4 - Low: Daily
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Access restrictions in management interfaces and support channels
-
AccessPay operates RBAC based on the principle of least privilege and requires permissions from clients in some cases to get access to their data for support purposes. Access to systems is monitored and recorded for audit and monitoring purposes.
Users have clear role separations in the AccessPay solution and only approved users can contact AccessPay for support. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- British Assessment Bureau
- ISO/IEC 27001 accreditation date
- 18/09/2013
- What the ISO/IEC 27001 doesn’t cover
- Not Applicable
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- ECSC
- PCI DSS accreditation date
- 31/08/2020
- What the PCI DSS doesn’t cover
- PCI DSS Level 1 compliant
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
-
- ISO BCM 22301
- SWIFT Approved software provider
- BACS/FPS approved software provider
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- CSA CCM version 3.0
- ISO/IEC 27001
- Information security policies and processes
-
ISO 27001
ISO 22301
NIST security framework as base
Access Control Policy
Asset Management Policy
Data Protection Policy
Password Policy
Incident Management Policy
Vulnerability Management Policy
Internal and external regular audits, policies review, regular reporting to senior management and IMS committee
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
All changes to our applications are tracked through JIRA, with those tickets retained and tagged for future reference relative to releases. Use of source control (Git) and pull requests that require approval from another developer provide opportunity for code and security review.
Static analysis is performed against all builds before reaching any environment, checking against OWASP Top 10, SANS Top 25, Common Weakness Enumeration: CWE, and SonarQube’s own security rules. - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
Threats are assessed using CVSS scoring and fixed based on the following score classifications;
Critical (CVSS 9+) < 2 Weeks
High (CVSS 7+) < 1 Month
Medium (CVSS 4+) < 3 Months
We collect information from several government and private agencies, for example new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) and National Vulnerability Database (NVD). - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Potential compromises/threats are identified using SIEM, vulnerability scanning, file integrity check, log monitoring, user activity monitoring and in-house-built application and system monitoring solutions which notifies abnormalities to our Security Team who react based on severity of the notification. Updates are provided hourly and most of the issues closed same day if no third party is involved.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
AccessPay users can notify AccessPay of incidents via our Customer Portal, email or telephone. Incidents are impact assessed and prioritized according to the following standards;
Priority Definition
P1 - Urgent Incident resulting in entire production system being down with critical or major business impact
P2 - High Incident resulting in inability to complete specific processing, with no viable workaround
P3 - Medium Incident resulting in inability to complete specific processing, but a workaround does exist to allow said processing to complete.
P4 - Low Cosmetic or minor issue, minor or no business impact
Reports are provided to named business contacts.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
n/a - Covid-19 recovery
-
Covid-19 recovery
n/a - Tackling economic inequality
-
Tackling economic inequality
n/a - Equal opportunity
-
Equal opportunity
1) We recognise that discrimination is unacceptable and although equality of opportunity has been a long standing feature of our employment practices and procedure, we have made the decision to adopt a formal equal opportunities policy. Breaches of the policy will lead to disciplinary proceedings and, if appropriate, disciplinary action.
2) The aim of the policy is to ensure no job applicant, employee or worker is discriminated against either directly or indirectly on the grounds of age, disability, gender reassignment, marriage and civil partnership, pregnancy or maternity, race, religion or belief, sex or sexual orientation.
3) We will ensure that the policy is circulated to any agencies responsible for our recruitment and a copy of the policy will be made available for all employees and made known to all applicants for employment.
4) The policy will be communicated to all private contractors reminding them of their responsibilities towards the equality of opportunity.
5) The policy will be implemented in accordance with the appropriate statutory requirements and full account will be taken of all available guidance and in particular any relevant Codes of Practice.
6) We will maintain a neutral working environment in which no employee or worker feels under threat or intimidated. - Wellbeing
-
Wellbeing
AccessPay has put steps into place to support our employee physical and mental health. We provide an Employee Assistance programme which provides a 24/7 helpline offering practical and emotional support on a range of topics. Through this programme, employees can also access up to 8 free face-to-face counselling sessions per topic, which includes Cognitive Behavioural Therapy (CBT). Alongside this, AccessPay have also trained 5 members of staff to become Mental Health First Aiders who are available to provide support to employee’s alongside HR and Line Managers.
AccessPay provides free gym membership to all employees who would like to take advantage of this. For those that don’t, there is a £20 monthly wellbeing allowance available for employees to use towards memberships or activities that aid their wellbeing. Employees of AccessPay are also provided access to a Health Cash Plan, allowing them to reclaim the cost of dental and optical checks, prescriptions, physiotherapy and a number of other health related costs.
Pricing
- Price
- £1,200 a licence a year
- Discount for educational organisations
- Yes
- Free trial available
- No