SmarterPay

SmarterPay Cloud

SmarterPay Cloud is a unified payments platform that allows organisations to submit direct credits and debits via Bacs.

SmarterPay Cloud also provides seamless integration between your systems through a variety of methods to allow you to dictate and create your own workflows.

Features

• Access via any web browser
• Secure login with multi-factor authentication and/or memorable word verification
• Complex password with configurable reset protocol
• IP Whitelisting
• Configurable access and approval permissions
• User Dashboard
• Bacs File Processing
• Card Payments
• Direct Debit Management Solution (DDMS)
• Open API

Benefits

• Manual file upload
• Automated SFTP managed file upload
• File mapping tool
• User-prompt notifications
• Modulus Checking (Bank account and sort code validation)
• Account name verification using AIS
• Processing date validation

£0.01 to £0.20 a transaction

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@smarterpay.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

147783278113869

Contact

Sales Team
01482 240886
info@smarterpay.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: SmarterPay is available as an extension of Salesforce through our direct integration. ; ; We are able to consolidate your payment / collection processes within Salesforce and treat it as your organisations one source of truth with an end to end work flow.
• Cloud deployment model: Public cloud
• Service constraints: We have a regular maintenance window at 9am - 10am on Saturday mornings.
• System requirements: Current, supported web browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our support SLA varies based on the tier selected and is available Mon-Fri: 9:00 - 17:00; Standard Support: Critical Support Time - 4hrs; Premium Support: Critical Support Time - 1 hr
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We offer two different levels of support for organisations to choose from.; ; They are a standard or premium support package with add-ons available dependant on the needs of the organisation in question. ; ; Standard Support - Standard SLA's, only email and phone support, if remote support is required a consultancy fee will be charged for a minimum half day.; ; Premium Support - Immediate response time, email, phone & remote support included, standard 8 hours support included, a contingency service included.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: SmarterPay offers online training when onboarding organisations. We're able to train a master trainer, for them to then demonstrate the platform internally to colleagues. Alternatively we also offer group onboarding sessions where we will walk through the platform and its functionalities, with a Q&A at the end for any areas an individual may not be as familiar with. We're also able to provide user material in addition to any training sessions for individuals to refer back to.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: SmarterPay has a rigid Data Retention Policy that we adhere to at all times whenever data is concerned. ; ; A user will be able to extract the data directly from the SmarterPay platform that will be needed when transitioning to a new vendor.
• End-of-contract process: Any data is retained for 90 days and then removed after this period but can be negotiated if lesser time frames are required. If the customer has any other requirements upon ending a contract, these are chargeable.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There is no difference between using the SmarterPay platform on your mobile or desktop.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: A web portal is used to access the platform securely from any location globally if you wish. Alternatively we allow for IP addresses to be white listed, meaning you can limit where colleagues are able to log into the platform from.
• Accessibility standards: None or don’t know
• Description of accessibility: Users are able to create and check all Direct Debit information.
• Accessibility testing: Our internal QA completes all interface testing with users of assistive technology.
• API: Yes
• What users can and can't do using the API: Our fully functional API is available to be viewed at the web address below:; wiki.smarterpay.com. Here, you're able to view all functionality of our API as well as a guide on connecting, to make any development work as streamlined as possible from a customers perspective.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: What: Front-end changes are fully customisable ; How: Customisation options are available in conjunction with the on-boarding process; Who: Any customer can request customisation of the service

Scaling

• Independence of resources: We consistently develop and future proof our solution to anticipate growth in volumes before they happen. This means that we're able to ensure that any other users activity of the platform will never compromise that of another's.

Analytics

• Service usage metrics: Yes
• Metrics types: Transactional information.
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users of our platform will be able to export their data via CSV files.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: Authentication process.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Data segregation and encryption.

Availability and resilience

• Guaranteed availability: 99.5% service availability.
• Approach to resilience: Fully redundant systems in geographically separate locations.
• Outage reporting: API and email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: A users access is fully customisable within the SmarterPay platform, meaning that permissions can be set to segregate the duties of each user of the platform. You are able to dictate what each user is able to action and also view within the platform, from when the file appears through to submission.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS
• ISO/IEC 27001 accreditation date: 27/03/2020
• What the ISO/IEC 27001 doesn’t cover: All aspects of certification cover are available on request.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Security Metrics
• PCI DSS accreditation date: 27/06/2021
• What the PCI DSS doesn’t cover: Non-card payment processes.
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: SmarterPay adheres to many security policies and processes both dictated by internal and external bodies or personas. We are able to provide our information security policy as well as any other supporting documentation upon request.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Change management processes are available on request and complies with ISO27001.; ; We are unable to publicly publish details of our processes due to the risk of them being compromised.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: All of our vulnerability management processes are available on request and comply with ISO27100.; ; We are unable to publicly publish details of our processes due to the risk of them being compromised.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: All protective monitoring processes are available on request and comply with ISO27001 and PCI DSS.; ; We are unable to publicly publish details of our processes due to the risk of them being compromised.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: All incident management approaches are available on request and comply with ISO27001 and PCI DSS.; ; We are unable to publicly publish details of our processes due to the risk of them being compromised.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Tackling economic inequality

  Tackling economic inequality

  SmarterPay is dedicated to supporting the development of scalable and future-proofed methods to modernise delivery and increase productivity. ; ; We consistently work towards the most efficient way of deploying our solutions to public sector organisations. This consistently allows for our teams to spend the time saved on business critical tasks. ; ; An example of our work towards this is our recent deployment of a self service portal within our platform that allows users to create cases with our support team digitally. ; ; We also introduced the ability to allow organisations to add / remove contact details of colleagues without the need to contact our support team.

Pricing

• Price: £0.01 to £0.20 a transaction
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Included: UAT Test Environment; Not included: Does not include live submissions

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@smarterpay.com. Tell them what format you need. It will help if you say what assistive technology you use.