CASHFAC PLC

Cashfac Care Account Platform

Cashfac’s Care Account Platform enables Guardians and Appointees, to manage client accounts on behalf of vulnerable people for effective management of their financial affairs.
Used by Local Authorities, links to your bank, to provide a robust client banking solution with segregation and control of cash, and real time account opening.

Features

• Bank Agnostic plug and play different or multiple banks
• Fast Start get up and running quickly through data import
• On-line account opening/closing in real-time and set own interest rates
• Unlimited on-line statement information
• Send UK Payment types BACS, Chaps and Faster Payments
• Supports Direct Debit Payments (bills ie utilities, phone rates etc)
• Receipt and Payment Types to mirror OPG reporting
• Automatic Collection of Charges
• Standard On-line Reports available to download
• Comprehensive user permissions and transaction authorisation

Benefits

• No need to switch your banking partner to use service
• Change banks without losing cash management platform capability
• We can on-board you quickly with minimal disruption
• Real time access to account history
• Create automated regular payments e.g. to service pre-payment card
• Creates data extracts for automated OPG reporting eg CASPAR exract
• Streamline charges collection through a single process
• Ability to set bespoke interest rates
• Set-up payment limits according to amounts being sent
• Full audit record of who accessed and what was done

£12,810 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at compliance@cashfac.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

121200004845475

Contact

Carmen Morgan
02079200617
compliance@cashfac.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Systems like Caspar and Controc
• Cloud deployment model: Private cloud
• Service constraints: There are no known constraints however the onboarding project will examine any requirements out of the ordinary.
• System requirements: Your bank needs to provide Balance and Transaction files

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: All services are supported by standard SLAs for quick responses
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Cashfac provides 1st line support via phone and support portal, 2nd and 3rd line support are provided via 1st line support escalation.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: There is an implementation process to onboard a customer to the platform
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Managed Service can provide a data extract of transactional data can be provided on contract end.
• End-of-contract process: Users will be given the opportunity to contract with Cashfac directly. If they choose to terminate they will be removed from the platform and support accounts closed. Optional data extracts can be provided back to the User, to meet their relevant regulatory requirements and records retention, at the point of termination. Exit management provisions are included in the standard Supplier Terms.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: The service interface is via a Website available over the internet which allows the User(s) of the platform to manage account holders, accounts, transactions, interest and statements for their clients. Authentication is via a username and password followed by a pin tied to the device (Multi-Factor Authentication). User(s) are given a role based access with permissions hiding functionality they do not have permission to.
• Accessibility standards: None or don’t know
• Description of accessibility: The service is accessible using a supported web browser over the internet via https.
• Accessibility testing: Cashfac follow w3.org WCAG and use a developer W3C validator tool to verify developments as well as following a standard checklist during code reviews. Various banks have put our application through their own testing using a varied tool set to provide greater coverage. If issues are highlighted, they are typically addressed through the product maintenance patching cycle.; ; The product is capable of being used by visually impaired people and has been tested by an existing customer with this disability. The product has also been tested with assistive software (JAWS screen reader) both internally and externally. Screen navigation can also be achieved without reliance on the mouse.; ; The following tools are typically used for accessibility testing; WAVE toolbars, JAWS or NVDA screen reader (depending on browser compatibility), Colour Contrast Analyser, PDF Accessibility Checker.
• API: Yes
• What users can and can't do using the API: Cashfac has a suite of API's providing the ability to create and administer a Client(s) accounts/account holders as well as the creating and amending transactions on those accounts. A full list of API's is detailed below. User management is via the web UI and multi-factor authentication.; ; Login, ; Account Enquiry - Transaction Status, Account Balance, Account Statement by Date, ; Account Processing - Create Account Holder, Capitalise Interest, Open Accounts, Maintain Accounts, ; Transaction Processing - Create transactions, Create Value Instructions, Update Transactions, Delete Transaction, ; ATMA - Get Unallocated Items, Create ATMA exception, Create ATMA Allocation
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: Cashfac has a comprehensive capacity management program with application performance management tools providing real time feedback. Services are scalable to scale up/out any services

Analytics

• Service usage metrics: Yes
• Metrics types: Cashfac will provide a generic service review document to all consumers of the SaaS service including availability, major incidents affecting the service
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data exports can be retrieved manually through the web browser interface or data extracts can be produced automatically on a schedule
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The service levels, availability and credits are defined in the Supplier Terms, Schedule 5 - Cashfac Cloud Service Levels.
• Approach to resilience: The service has high availability built into the infrastructure at the network, web, application and database layers. Data is replicated to a disaster recovery site housed in secondary location in real time allowing for a warm start of the service.
• Outage reporting: Outages are reported via Service Management and the Service Desk.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Any login to the application requires two factor authentication and the management of the application is handled by permissions groups arranged by role. ; ; Support is only accessible by login to the support portal by an accepted domain.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI Group
• ISO/IEC 27001 accreditation date: 07/10/2021
• What the ISO/IEC 27001 doesn’t cover: The scope of our information security management system is set out under a formal Statement of Applicability, as required under the ISO27001 standard, for the provision of our Managed Service operations, which includes the provision of the Cashfac Care Account Platform. Currently, none of the control requirements are out of scope.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Approved supplier on Hellios, Financials Services Qualification System

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Cashfac have an over-arching ISP with many related information security policies as defined in our Statement of Applicability.; The following is a summary of policies which form part of the mandatory requirements of the ISO27001 standard:; Information Security Policy; Risk Assessment and Treatment; Information security risks in Project Management; Information classification, labelling, handling and secure disposal; Records Management; Operational planning and control documents; Internal audit program; Security event and incident process; Clear desk policy/Physical security Employee pre-employment screening; Business and IT Continuity provisions

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Formal ITIL change management process with CAB approval.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Vulnerabilities are managed according to our Risk Assessment Methodology and treated accordingly. A risk assessment is carried out and appropriate measures are taken to mitigate or eliminate any associated risks. Actions are tracked via the Risk Treatment Plan. The Asset Register, Patch Management and Change Management processes support vulnerability management. A Change Advisory Board meets twice weekly to assess any vulnerabilities identified. Patches can be deployed in real time, depending on criticality and nature of threat. External vulnerability monitoring tools are also used, with relevant alerts to the technical teams.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Various event logging facilities are in place to support potential operational compromises and contractual obligations, including automated tools and manual reporting processes. Logs are held centrally in a SIEM tool, in accordance with relevant legal and contractual obligations and controlled by the Security Logging and Event Management policy, which is reviewed annually. Logs are reviewed by Technical Services team and escalated to the ISM and CRO if there is a potential compromise. Incidents are managed through the Cyber Incident Response Plan. Incident response times depend on the criticality. Critical incidents are responded to within 1 hr.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: There is a predefined policy and process for managing incidents. This forms part of our regulatory obligations and is reviewed annually. User(s) can report incidents by phone or email. Incident tickets are managed centrally via our Service Desk. Incident reports would be provided to User(s) with a root cause analysis and mitigating steps to avoid a similar future issue. Similarly if an incident was a regulatory reportable event then this would be reported on the relevant regulator portal. Summarised incident reports are provided to Cashfac's Operational and Executive Boards.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  We are committed to good environmental practices and always seek to reduce any negative environmental impact and contribute towards a healthier environment. ; ; We have adopted a 3Rs approach – Reduce, Re-Use and Recycle policy across our business. We support local charities in recycling any used or surplus business equipment and furniture no longer required, to reduce unnecessary landfill waste. ; ; All Cashfac offices have recycling facilities. Where not possible to recycle, we use certified professional waste management companies that are committed to environmentally friendly programmes. ; ; We consider environmental issues and energy performance in the design, refurbishment, relocation and/or physical use of any of our offices, such as the use of motion sensors and low-energy lighting and mains filtered drinking water to reduce the consumption of single-use plastic bottles and unnecessary energy resources. ; ; We monitor our energy use and strive to only engage with renewable energy providers. We have had a sustainable travel policy in place for many years. We challenged the need to travel, promoted the use of public transport for business travel wherever available and practical. Wherever possible, our offices are sited in locations with good public transport connections. ; ; We offset our carbon emissions footprint on business travel by contributing to carbon reduction programmes including those offered by participating airlines or travel/hospitality providers. ; ; We will continue to embed sustainability into our long-term plans to ensure our business and operational practices and policies help us minimise our impact on the environment and reduce the negative effect on climate change.
• Covid-19 recovery:

  Covid-19 recovery

  The health, safety and wellbeing of our people became central to the resiliency and the effectiveness of our operations. We have significantly increased our investment in our Health & Wellbeing Programme throughout this challenging period, in providing a supportive, compassionate, and positive experience for our employees. ; ; Year on year, we have maintained and increased our investment in our people. We regularly review our training and development requirements and employee benefit schemes to reward and compensate our staff to retain talent. We continue to engage our employees on post pandemic working models, improve work/life balance to make Cashfac a place that people want to work, are valued for their contributions and feel they can make a difference.; ; We have an active community engagement program and continue to support both national and local charities through, fundraising, donations, sponsorship, or volunteering, to support those suffering from hardships, are vulnerable and/or are disadvantaged. ; ; The pandemic has seen a significant increase in demand for many local community-led charities, across the world. These charities provide invaluable support to their service users, and throughout the pandemic have continued to service their communities, whilst battling a loss of income and critical resources; and other challenges posed by the impact of global lockdown. Whilst most charities have seen a negative impact on their revenue, smaller community-led charities are most at risk of having to reduce their services or even risk survival itself, as they have less resources and reserves than those larger charities. We will continue to raise awareness and support for these initiatives and communities at this challenging time.
• Tackling economic inequality:

  Tackling economic inequality

  It is well recognised that a lack of opportunities for learning, especially for those in vulnerable communities or in developing countries, contribute to a life of poverty, poor health, and inequality. Technology has become a necessity for education to create a better learning environment, allowing easy communication and access to resources. ; ; We have an active community engagement program, supporting local projects such as annual work experience schemes for young people under the age of 18, offering Modern Apprenticeships or Graduate placement and mentoring programmes. ; ; We are also proud to have supported charities dedicated to providing future generations with resources and skills to integrate into the technology-driven world. Recycling and donating redundant equipment, provides valuable educational support as well as helping reduce unnecessary landfill and contributing towards zero waste environmental programs. ; ; Our community spirit extends beyond just educational or business-related schemes. Other charities we have supported in the past include both small local charities, such as Cash for Kids, a charity that provides support for children and young people affected by poverty, abuse, neglect, life-limiting illnesses, and those with additional needs; as well as various national and international support organisations, including Crisis UK, The Trussell Trust, and many others. ; Our sponsorship of local charities is focused on those delivering community engagement programs, youth work, pastoral support, research, and training, as community-led solutions are often better able to produce longer lasting and more meaningful change.
• Equal opportunity:

  Equal opportunity

  We have a diverse workforce and respect and value every individual we work with and the contribution that they make. We treat everyone fairly and equally and have an inclusive workforce offering employment opportunities to all members of the community. ; ; We invest in our people and create an environment where they can develop to their full potential. We empower individuals within the scope of their roles to make decisions and take personal responsibility for their actions. We support them by listening to their concerns and views and are open to suggestions and ideas in how we can improve to successfully meet business objectives.; ; We have invested significantly in developing a training and development program, both in-house and externally. The training program addresses both personal and professional development needs, including leadership, management and coaching. We provide opportunities for learning in several ways including access to award-winning industry e-learning platforms and through certified academic or vocational qualifications.; ; We strive to create a supportive environment and appreciate our employee’s immense hard work to help make our business successful. ; ; We are committed to fair work policies including adopting family-friendly initiatives to support our employees, to achieve a better balance between work/life and personal responsibilities.; ; Our equal opportunity objectives are aligned to the United Nations Sustainable Development goals and include some key measures for equal opportunities such as, enhance maternity and paternity leave, tax-free childcare schemes, increased representation of people from minority groups and equality & diversity training.
• Wellbeing:

  Wellbeing

  We understand that modern living can bring about many stresses and our employees may suffer from periods of stress, anxiety and personal issues. ; ; As a business, we have a responsibility to strike a balance between supporting those with mental health problems at the same time as creating a healthy environment for all our employees. Our established Wellbeing Program include an Employee Assistance Program for 24-7 professional counselling, available free of charge to all employees, to support those with either personal or workplace mental health issues. This is in addition to other wellbeing policies and employee benefits, such as private healthcare, time off to care for dependents etc.; ; The pandemic has further highlighted how important our colleagues are to us. The health, safety and wellbeing of our people became central to the resiliency and the effectiveness of our operations. ; ; During the onset of the pandemic and extended lockdown, it was difficult for many of us to connect or speak with our colleagues, as we would do usually. At times of stress, most people work better in company and with support. Throughout this period, we provided Well-being Workshops both in a group as well as 1:1 sessions, delivered via an accredited third-party professional coaching and mentoring consultancy. Post-pandemic, we continue to offer these sessions to all employees where requested.; ; We strive to continue to invest in our Health & Wellbeing Programme, in providing a supportive, compassionate, and positive experience for our employees.

Pricing

• Price: £12,810 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at compliance@cashfac.com. Tell them what format you need. It will help if you say what assistive technology you use.