Skip to main content

Help us improve the Digital Marketplace - send your feedback

  1. Digital Marketplace
  2. Lot 2: Cloud software
  3. Cashfac Care Account Platform
CASHFAC PLC

Cashfac Care Account Platform

Cashfac’s Care Account Platform enables Guardians and Appointees, to manage client accounts on behalf of vulnerable people for effective management of their financial affairs.
Used by Local Authorities, links to your bank, to provide a robust client banking solution with segregation and control of cash, and real time account opening.

Features

  • Bank Agnostic plug and play different or multiple banks
  • Fast Start get up and running quickly through data import
  • On-line account opening/closing in real-time and set own interest rates
  • Unlimited on-line statement information
  • Send UK Payment types BACS, Chaps and Faster Payments
  • Supports Direct Debit Payments (bills ie utilities, phone rates etc)
  • Receipt and Payment Types to mirror OPG reporting
  • Automatic Collection of Charges
  • Standard On-line Reports available to download
  • Comprehensive user permissions and transaction authorisation

Benefits

  • No need to switch your banking partner to use service
  • Change banks without losing cash management platform capability
  • We can on-board you quickly with minimal disruption
  • Real time access to account history
  • Create automated regular payments e.g. to service pre-payment card
  • Creates data extracts for automated OPG reporting eg CASPAR exract
  • Streamline charges collection through a single process
  • Ability to set bespoke interest rates
  • Set-up payment limits according to amounts being sent
  • Full audit record of who accessed and what was done

Pricing

£12,810 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at compliance@cashfac.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

1 2 1 2 0 0 0 0 4 8 4 5 4 7 5

Contact

CASHFAC PLC Carmen Morgan
Telephone: 02079200617
Email: compliance@cashfac.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Systems like Caspar and Controc
Cloud deployment model
Private cloud
Service constraints
There are no known constraints however the onboarding project will examine any requirements out of the ordinary.
System requirements
Your bank needs to provide Balance and Transaction files

User support

Email or online ticketing support
Email or online ticketing
Support response times
All services are supported by standard SLAs for quick responses
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
Cashfac provides 1st line support via phone and support portal, 2nd and 3rd line support are provided via 1st line support escalation.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
There is an implementation process to onboard a customer to the platform
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Managed Service can provide a data extract of transactional data can be provided on contract end.
End-of-contract process
Users will be given the opportunity to contract with Cashfac directly. If they choose to terminate they will be removed from the platform and support accounts closed. Optional data extracts can be provided back to the User, to meet their relevant regulatory requirements and records retention, at the point of termination. Exit management provisions are included in the standard Supplier Terms.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
No
Designed for use on mobile devices
No
Service interface
Yes
User support accessibility
WCAG 2.1 A
Description of service interface
The service interface is via a Website available over the internet which allows the User(s) of the platform to manage account holders, accounts, transactions, interest and statements for their clients. Authentication is via a username and password followed by a pin tied to the device (Multi-Factor Authentication). User(s) are given a role based access with permissions hiding functionality they do not have permission to.
Accessibility standards
None or don’t know
Description of accessibility
The service is accessible using a supported web browser over the internet via https.
Accessibility testing
Cashfac follow w3.org WCAG and use a developer W3C validator tool to verify developments as well as following a standard checklist during code reviews. Various banks have put our application through their own testing using a varied tool set to provide greater coverage. If issues are highlighted, they are typically addressed through the product maintenance patching cycle.

The product is capable of being used by visually impaired people and has been tested by an existing customer with this disability. The product has also been tested with assistive software (JAWS screen reader) both internally and externally. Screen navigation can also be achieved without reliance on the mouse.

The following tools are typically used for accessibility testing; WAVE toolbars, JAWS or NVDA screen reader (depending on browser compatibility), Colour Contrast Analyser, PDF Accessibility Checker.
API
Yes
What users can and can't do using the API
Cashfac has a suite of API's providing the ability to create and administer a Client(s) accounts/account holders as well as the creating and amending transactions on those accounts. A full list of API's is detailed below. User management is via the web UI and multi-factor authentication.

Login,
Account Enquiry - Transaction Status, Account Balance, Account Statement by Date,
Account Processing - Create Account Holder, Capitalise Interest, Open Accounts, Maintain Accounts,
Transaction Processing - Create transactions, Create Value Instructions, Update Transactions, Delete Transaction,
ATMA - Get Unallocated Items, Create ATMA exception, Create ATMA Allocation
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
No

Scaling

Independence of resources
Cashfac has a comprehensive capacity management program with application performance management tools providing real time feedback. Services are scalable to scale up/out any services

Analytics

Service usage metrics
Yes
Metrics types
Cashfac will provide a generic service review document to all consumers of the SaaS service including availability, major incidents affecting the service
Reporting types
Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data exports can be retrieved manually through the web browser interface or data extracts can be produced automatically on a schedule
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The service levels, availability and credits are defined in the Supplier Terms, Schedule 5 - Cashfac Cloud Service Levels.
Approach to resilience
The service has high availability built into the infrastructure at the network, web, application and database layers. Data is replicated to a disaster recovery site housed in secondary location in real time allowing for a warm start of the service.
Outage reporting
Outages are reported via Service Management and the Service Desk.

Identity and authentication

User authentication needed
Yes
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
Any login to the application requires two factor authentication and the management of the application is handled by permissions groups arranged by role.

Support is only accessible by login to the support portal by an accepted domain.
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI Group
ISO/IEC 27001 accreditation date
07/10/2021
What the ISO/IEC 27001 doesn’t cover
The scope of our information security management system is set out under a formal Statement of Applicability, as required under the ISO27001 standard, for the provision of our Managed Service operations, which includes the provision of the Cashfac Care Account Platform. Currently, none of the control requirements are out of scope.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
Approved supplier on Hellios, Financials Services Qualification System

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Cashfac have an over-arching ISP with many related information security policies as defined in our Statement of Applicability.
The following is a summary of policies which form part of the mandatory requirements of the ISO27001 standard:
Information Security Policy
Risk Assessment and Treatment
Information security risks in Project Management
Information classification, labelling, handling and secure disposal
Records Management
Operational planning and control documents
Internal audit program
Security event and incident process
Clear desk policy/Physical security Employee pre-employment screening
Business and IT Continuity provisions

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Formal ITIL change management process with CAB approval.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Vulnerabilities are managed according to our Risk Assessment Methodology and treated accordingly. A risk assessment is carried out and appropriate measures are taken to mitigate or eliminate any associated risks. Actions are tracked via the Risk Treatment Plan. The Asset Register, Patch Management and Change Management processes support vulnerability management. A Change Advisory Board meets twice weekly to assess any vulnerabilities identified. Patches can be deployed in real time, depending on criticality and nature of threat. External vulnerability monitoring tools are also used, with relevant alerts to the technical teams.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Various event logging facilities are in place to support potential operational compromises and contractual obligations, including automated tools and manual reporting processes. Logs are held centrally in a SIEM tool, in accordance with relevant legal and contractual obligations and controlled by the Security Logging and Event Management policy, which is reviewed annually. Logs are reviewed by Technical Services team and escalated to the ISM and CRO if there is a potential compromise. Incidents are managed through the Cyber Incident Response Plan. Incident response times depend on the criticality. Critical incidents are responded to within 1 hr.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
There is a predefined policy and process for managing incidents. This forms part of our regulatory obligations and is reviewed annually. User(s) can report incidents by phone or email. Incident tickets are managed centrally via our Service Desk. Incident reports would be provided to User(s) with a root cause analysis and mitigating steps to avoid a similar future issue. Similarly if an incident was a regulatory reportable event then this would be reported on the relevant regulator portal. Summarised incident reports are provided to Cashfac's Operational and Executive Boards.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

We are committed to good environmental practices and always seek to reduce any negative environmental impact and contribute towards a healthier environment.

We have adopted a 3Rs approach – Reduce, Re-Use and Recycle policy across our business. We support local charities in recycling any used or surplus business equipment and furniture no longer required, to reduce unnecessary landfill waste.

All Cashfac offices have recycling facilities. Where not possible to recycle, we use certified professional waste management companies that are committed to environmentally friendly programmes.

We consider environmental issues and energy performance in the design, refurbishment, relocation and/or physical use of any of our offices, such as the use of motion sensors and low-energy lighting and mains filtered drinking water to reduce the consumption of single-use plastic bottles and unnecessary energy resources.

We monitor our energy use and strive to only engage with renewable energy providers. We have had a sustainable travel policy in place for many years. We challenged the need to travel, promoted the use of public transport for business travel wherever available and practical. Wherever possible, our offices are sited in locations with good public transport connections.

We offset our carbon emissions footprint on business travel by contributing to carbon reduction programmes including those offered by participating airlines or travel/hospitality providers.

We will continue to embed sustainability into our long-term plans to ensure our business and operational practices and policies help us minimise our impact on the environment and reduce the negative effect on climate change.
Covid-19 recovery

Covid-19 recovery

The health, safety and wellbeing of our people became central to the resiliency and the effectiveness of our operations. We have significantly increased our investment in our Health & Wellbeing Programme throughout this challenging period, in providing a supportive, compassionate, and positive experience for our employees.

Year on year, we have maintained and increased our investment in our people. We regularly review our training and development requirements and employee benefit schemes to reward and compensate our staff to retain talent. We continue to engage our employees on post pandemic working models, improve work/life balance to make Cashfac a place that people want to work, are valued for their contributions and feel they can make a difference.

We have an active community engagement program and continue to support both national and local charities through, fundraising, donations, sponsorship, or volunteering, to support those suffering from hardships, are vulnerable and/or are disadvantaged.

The pandemic has seen a significant increase in demand for many local community-led charities, across the world. These charities provide invaluable support to their service users, and throughout the pandemic have continued to service their communities, whilst battling a loss of income and critical resources; and other challenges posed by the impact of global lockdown. Whilst most charities have seen a negative impact on their revenue, smaller community-led charities are most at risk of having to reduce their services or even risk survival itself, as they have less resources and reserves than those larger charities. We will continue to raise awareness and support for these initiatives and communities at this challenging time.
Tackling economic inequality

Tackling economic inequality

It is well recognised that a lack of opportunities for learning, especially for those in vulnerable communities or in developing countries, contribute to a life of poverty, poor health, and inequality. Technology has become a necessity for education to create a better learning environment, allowing easy communication and access to resources.

We have an active community engagement program, supporting local projects such as annual work experience schemes for young people under the age of 18, offering Modern Apprenticeships or Graduate placement and mentoring programmes.

We are also proud to have supported charities dedicated to providing future generations with resources and skills to integrate into the technology-driven world. Recycling and donating redundant equipment, provides valuable educational support as well as helping reduce unnecessary landfill and contributing towards zero waste environmental programs.

Our community spirit extends beyond just educational or business-related schemes. Other charities we have supported in the past include both small local charities, such as Cash for Kids, a charity that provides support for children and young people affected by poverty, abuse, neglect, life-limiting illnesses, and those with additional needs; as well as various national and international support organisations, including Crisis UK, The Trussell Trust, and many others.
Our sponsorship of local charities is focused on those delivering community engagement programs, youth work, pastoral support, research, and training, as community-led solutions are often better able to produce longer lasting and more meaningful change.
Equal opportunity

Equal opportunity

We have a diverse workforce and respect and value every individual we work with and the contribution that they make. We treat everyone fairly and equally and have an inclusive workforce offering employment opportunities to all members of the community.

We invest in our people and create an environment where they can develop to their full potential. We empower individuals within the scope of their roles to make decisions and take personal responsibility for their actions. We support them by listening to their concerns and views and are open to suggestions and ideas in how we can improve to successfully meet business objectives.

We have invested significantly in developing a training and development program, both in-house and externally. The training program addresses both personal and professional development needs, including leadership, management and coaching. We provide opportunities for learning in several ways including access to award-winning industry e-learning platforms and through certified academic or vocational qualifications.

We strive to create a supportive environment and appreciate our employee’s immense hard work to help make our business successful.

We are committed to fair work policies including adopting family-friendly initiatives to support our employees, to achieve a better balance between work/life and personal responsibilities.

Our equal opportunity objectives are aligned to the United Nations Sustainable Development goals and include some key measures for equal opportunities such as, enhance maternity and paternity leave, tax-free childcare schemes, increased representation of people from minority groups and equality & diversity training.
Wellbeing

Wellbeing

We understand that modern living can bring about many stresses and our employees may suffer from periods of stress, anxiety and personal issues.

As a business, we have a responsibility to strike a balance between supporting those with mental health problems at the same time as creating a healthy environment for all our employees. Our established Wellbeing Program include an Employee Assistance Program for 24-7 professional counselling, available free of charge to all employees, to support those with either personal or workplace mental health issues. This is in addition to other wellbeing policies and employee benefits, such as private healthcare, time off to care for dependents etc.

The pandemic has further highlighted how important our colleagues are to us. The health, safety and wellbeing of our people became central to the resiliency and the effectiveness of our operations.

During the onset of the pandemic and extended lockdown, it was difficult for many of us to connect or speak with our colleagues, as we would do usually. At times of stress, most people work better in company and with support. Throughout this period, we provided Well-being Workshops both in a group as well as 1:1 sessions, delivered via an accredited third-party professional coaching and mentoring consultancy. Post-pandemic, we continue to offer these sessions to all employees where requested.

We strive to continue to invest in our Health & Wellbeing Programme, in providing a supportive, compassionate, and positive experience for our employees.

Pricing

Price
£12,810 a licence a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at compliance@cashfac.com. Tell them what format you need. It will help if you say what assistive technology you use.