Netcompany UK Limited

Profits® - Core Banking System

PROFITS® is a state-of-the-art, robust and reliable Core Banking solution that is the system of choice for many financial institutions around the world. Its distinctive core and near-core banking features enable financial institutions to streamline their business processes, embrace new distribution strategies, implement critical enterprise capabilities, achieving swift market entry.

Features

• Core Banking Components (Deposits, Loans, Collaterals, Agreements, General Ledger etc.)
• Near-Core Banking Components (Trade Finance, LCs, Treasury, Card Management etc.)
• Fund transfers: routing through multiple domestic and cross-border channels
• Products factoring that enables a broad range of banking products
• Business Rule Engine
• Workflow management
• Risk, Regulation & Reporting
• Omni-channel banking
• Seamless interoperability for connecting to 3rd parties' systems
• Messaging module for notifications and alerts

Benefits

• Extensive coverage of banking products and business operations
• Highly configurable for a wide range of products and processes
• Open architecture: provides the ability to integrate easily through APIs
• Easily integrated with web and mobile banking apps
• Cloud Platform, Architecture Independency & Scalability
• Security by design under a robust framework of security principles
• Multi-Lingual, Multi-Currency functionality

£9,500 an instance a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info.uk@netcompany.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

218870676132542

Contact

James Hancock
+44 203 318 2133
info.uk@netcompany.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Some maintenance activities that concern deployments of new releases may require downtime. Such deployments are scheduled to take place during slots that will be agreed with the customer. Usually on on-working days/hours or overnight to minimize inconvenience.
• System requirements:
  • Network firewall
  • Load balancer
  • Virtual machines

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support response times are part of the Service-level-agreement (SLA) with the customer.; Incidents, registered via the online ticketing service by the customer, are classified according to their severity level. Then, they are processed by our support team which identifies the root-cause, provides assistance for a workaround and advises on the availability of a permanent fix.; The severity levels are typically categorised as follows:; Severity level 1: Critical - blocking defect; Severity level 2: High - major defect; Severity level 3: Medium - minor defect; Severity level 4: Low - trivial defect
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Customised to suit buyer
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onboarding to Profits® Core Banking System is based on rigorous methodological processes, adhering to international standards, ensuring the enablement of the customer and the successful commence of the new system. Onboarding involves: ; • Project Management ; • Enablement seminars rounds, depending on the level of customer involvement in implementation, with available courses and lessons to select. ; • Business gap-Analysis with refined deliverables (requirements specifications and design documents). ; • Implementation: configuration and customization activities. ; • On-site training, tailored according to the needs, with training topics per user profile and module, accompanied with training material, configuration guides, optional professional videos, hands-on practice. ; • Migration: We give great importance to the correct migration, essential to start live operation. It is based on best practices methodologies reflecting our experience, ensuring the integrity and the correct migration of the source data. ; • UAT: Comprehensive test plan ensures full coverage of the provided functionality. Issues reported in internationally creditable incident management tools, ensuring transparency, efficient tracking, prioritization and resolution planning and verification process. Successful completion and UAT sign-off, marks the final production deployment and go-live phase. ; • Go-live activities: final production deployments, final migration in production, third parties and marketing communication, cut-over period (closing legacy system).
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: Netcompany can export data to the desired and agreed format by a rate based on our SFIA rates included in pricing document. The exported data structure and format is defined within the context of End-of-contract process.
• End-of-contract process: 3 months prior to the end of contract, the customer is notified regarding the off-boarding process that includes discontinuation of services usage, the payment of charges due and the data extraction process that will be initiated after the contract termination. The data can be maintained for the time defined in the contract while Netcompany maintains confidentiality of the data until they are deleted. The data extraction is performed at Netcompany’s current rates for Professional Services. After the data extraction completion, the data and all copies maintained as per the back-up policies are permanently destroyed.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Responsive web-design process is applied to PROFITS. Therefore, the application interface adapts to the user’s web-enabled device whether this is a desktop PC, laptop or any other portable device (tablet, smartphone). Differences between the mobile and desktop service may occur depending on the device as due to the responsive design some fields may be rearranged.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: PROFITS provides user interface for configuration and transactions as well as application programming interfaces for interaction with digital channels and third party applications.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: The available APIs cover main system operations and depending on the functionality enable users to retrieve and modify system data.; System APIs are exposed through SOAP & REST end-points and can be securely consumed via dedicated server-to-server communication protected via mTLS following zero trust security.; ; Offered SOAP & REST services are sited on isolated servers and are secured via applied application gateways/mTLS.; ; Access to API server/servers must be granted using via private TLS certificates and API can offered indirectly to other parties through the application gateways.; ; Such a set-up requires external services to be hosted to a secured server that use mTLS as dictated by the product.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: PROFITS® offers the capability to authorized users of the Banking Organization to design banking products and product packages, by means of defining the desired characteristics and relating them to customers/members whereby these products are quickly available to the Bank's clientele. ; Rule-based architecture provides the flexibility of enhancing / altering System’s functionality without the need of coding.

Scaling

• Independence of resources: Profits® is a single tenant service configured per client in order to support specific business needs of the users. Sizing and therefore the scalability is designed per client/tenant as per the designated environment.

Analytics

• Service usage metrics: Yes
• Metrics types: Audit Logs (shows views of items in the system) can show service usage; Internal monitor system can measure usage, performance and case Create times (service)
• Reporting types:
  • API access
  • Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Using API for any of the bulk operations.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats: Excel
• Data import formats:
  • CSV
  • ODF
  • Other

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Traffic between buyers network and the service relies on encrypted communication HTTPS (over TLS1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Cloud Security and TLS (Version 1.2 or above)

Availability and resilience

• Guaranteed availability: Availability is offered as per the design of the tenant. Typical infrastructure design offers a 99.5% availability by redundant front-ends and application servers and data storage. Additionally infrastructure relies on availability of the underlying cloud platform provider (Microsoft Azure) outside the vendor control.
• Approach to resilience: Azure provides resiliency through a combination of built-in redundancy, fault tolerance, and disaster recovery capabilities across its services and infrastructure. Here are some key components of Azure's resiliency approach:; Datacenter Redundancy: Azure operates datacenters in multiple regions worldwide, allowing customers to deploy their applications and data across geographically dispersed locations. This redundancy helps ensure high availability and fault tolerance by minimizing the impact of localized outages or disasters.; Availability Zones: Azure offers Availability Zones in many regions, which are physically separate datacenter locations within an Azure region. Each Availability Zone has independent power, cooling, and networking infrastructure to ensure resilience against datacenter-level failures.; Fault Tolerance: Azure services are designed with built-in fault tolerance mechanisms to minimize downtime and service interruptions. For example, Azure Storage replicates data across multiple storage nodes within a region to ensure data availability and durability even in the event of hardware failures.
• Outage reporting: As offered by Microsoft Azure - online service reports available by: https://status.azure.com/en-us/status; Regarding the system itself, Azure Monitoring in combination Azure Alerts provides full reporting (trough Azure Portal) and alerting mechanism (with mail, SMS etc.) of possible outages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Access to the management interfaces such as system configuration, user access rights setup and maintenance, is protected with username and password. Granular access permissions enable the authorized users to perform only actions relevant to their role and responsibilities. ; Users entitled to call for support tickets needs to use the client portal to create tickets and service requests. Such users are provided with a unique username and password so any usage of the support channel are logged and granted to individuals.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ACM Limited
• ISO/IEC 27001 accreditation date: 27/07/2017
• What the ISO/IEC 27001 doesn’t cover: Denmark, Norway and Poland Offices
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Plus; ISO 27017; ISO 27018; SOC 1/2/3
• Information security policies and processes: Cloud security at AWS is the highest priority. As an AWS customer, you will benefit from a data centre and network architecture built to meet the requirements of the most security-sensitive organizations.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Netcompany utilises service management tool (jira) that integrates change management, incident management, problem management, configuration management and knowledge management. Formal risk analysis is employed using an approved information risk analysis phase for developments/changes. Security requirements for the system are identified and continue to be considered throughout the life of the product.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Azure's vulnerability management approach encompasses a combination of built-in features, best practices, and security controls to help customers identify, prioritize, and remediate security vulnerabilities in their cloud environments. Azure Security Center continuously monitors security configuration and system resources to identify vulnerabilities, misconfigurations, and security weaknesses. It integrates with Microsoft Threat Intelligence to detect and respond to security threats in real-time and it provides actionable recommendations for the remediation of security vulnerabilities. Azure provides patch management capabilities to help customers keep their virtual machines and software up-to-date with the latest security patches and updates.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Our protective monitoring processes begin with Azure Security Centre’s continuous monitoring and threat detection using Azure Monitor and Azure Log Analytics. This system collects, analyses, and stores log data from Azure resources, applications, and operating systems. Integration with Microsoft Threat Intelligence provides insights into emerging threats and vulnerabilities. When potential compromises are identified, we promptly trigger incident management protocols, assembling a cross-functional incident response team. This team, available 24/7, manages activities until resolution. Additionally, incident hotlines are routed to our command centre outside core hours for swift response.
• Incident management type: Undisclosed
• Incident management approach: The incident management process incorporates a number of participants and contributors who facilitate and coordinate activities. A representative of the impacted business area, is responsible for coordinating resolution activities made up that are empowered to make key decisions surrounding the actions to be taken to reduce impact, control actions, and impose corrective activities. A client report would be created, including: high level overview; facts; overview of events; actions taken.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our publicly-available Social Value strategy includes an Environment pledge to achieve UK net zero targets by 2040 by fighting climate change and supporting effective stewardship of the environment. To achieve our near-term and long-term science-based targets for NetZero we have policies and activities in-place to support environmental protection and minimise the impact of our operations and services on the environment. These are overseen by our Environmental Working Group (EWG) comprising employees, subject matter experts and senior leaders. The EWG leads an annual NetZero forum with partner ecosystems to exchange insights for accelerators and greener digital solutions. Our commitment to environmental targets is upheld by regular reviews in our Social Value Steering Committee, which assess progress, strategise and ensure transparency through annual ESG reports and our UK Carbon Reduction Plan. ; ; To enhance effectiveness of customers' environmental strategies, our Green IT Centre of Excellence is committed to integrating sustainable practices in delivery methods. This includes adopting green-coding practices and planet-centric designs which align to the Government’s 25-year Environment Plan and Greening Government Commitments. Our project team understands buyers’ local policies and agrees sustainable design principles. We use our ISO14001 Environment Management System to deliver and implement plans using ISO9001-certified processes. ; ; Our policies, programmes and initiatives to fight climate change include: ; ; Partnering with Carbon Trust to guide CO2 reductions, delivered through initiatives such as reduced business flights, electric vehicle and cycle-to-work incentives. ; ; We’ve introduced waste management systems in our offices; zip taps for water; food waste managed by composting partners; e-waste via Good Things Foundation and redistributed to disadvantaged groups. ; ; Our annual staff survey understands hybrid-working and commuting emissions; Climate Awareness Training advises staff how to reduce them. ; ; To help staff and Buyers understand benefits of environmental stewardship through volunteering, we reconnect people with the environment via greening partners, e.g. Leeds Countryside Rangers.

  Tackling economic inequality

  Our publicly-available Social Value Strategy includes three pledges which tackle economic inequality. To deliver the pledges we work with Small and Medium Enterprises (SMEs) including social enterprises focused on reducing the digital skills gap and apprentice programmes. The Government Good Work plan underpins in-work progression with all-staff training and upskilling. ; ; We work with (SMEs) local to our regional offices - London, Leeds, Birmingham - and when developing social value ideas for a buyer, extend reach to communities local to its workforce. 50% of our suppliers are SMEs, we’re signatories of the prompt payment scheme, have a Sustainable Procurement Policy and assess social values and behaviours via a supplier questionnaire. ; ; We recognise that reducing the digital skills gap can improve economic equality and the armed forces and youth social enterprises we work with enable our people to voluntarily run free digital upskilling courses. Our Service Leavers Programme also provides supported routes into tech careers. ; ; We have a fair recruitment and retention strategy underpinned by the Government’s Good Work Plan and a DE&I Policy aligned to the Equality Act 2010. We’re a Living Wage employer; actively recruit from under-represented groups and influence a future pipeline via national youth events in schools with high free-school-meal uptake. As part of this we: ; ; Ensure job adverts use accessible language and offer reasonable adjustments forms. All staff receive disability awareness and inclusivity training, we advertise through disability jobs boards. ; ; Support people Not in Employment, Education or Training (NEETs) with apprentice programs and recruit from Cloud skills bootcamps (50:50 gender split). ; ; Offer mentoring to undergraduates from disadvantaged groups at five universities. ; ; Pay above National Living Wage and publish gender-gap statistics annually. ; ; Ensure 100% FTE have mentors and twice-yearly appraisals to support in-work progression and access to Netcompany Academy, 50+ courses including cloud computing and cyber security.

  Equal opportunity

  Our publicly-available Social Value Strategy includes an Employment and Volunteering pledge committed to equal opportunity and tackling inequality. We have a Modern Slavery statement and DE&I policy underpinning our inclusive working environment, which includes accessible recruitment, reducing the disability employment gap, apprentice-programmes, skills, training and in-work progression opportunities for all. ; ; Our published DE&I policy, reviewed annually, aligns with 2010 Equality Act and we have a DE&I working group and Employee Resource Groups (ERGs) which report into the Social Value Steering Committee. In 2024 our Neurodiversity ERG launched and like existing ERGs (Women, Veterans, LGBTQ+, Multicultural) helps foster an equal, inclusive workplace. ERGs have motivated policy change, eg: an upgraded maternity policy and additional paid leave for reservists; and partner with social enterprise initiatives such as GirlTech supporting equal opportunity in the skills-pipeline. We enhance this further with a 50:50 gender split on apprentices and industrial placements. ; ; For recruitment and retention, we align with the Government’s Good Work Plan and interviewers receive non-bias training and follow a strict code. We have a strategy to improve representation in three groups by 2025: women from 20-30%; disabled people from 10-15% and retain multicultural representation at 30%, it includes: ; ; Extension of consultant roles to women without IT backgrounds/tertiary qualifications. ; ; Annual pay-gap reporting and addressing of disparities; employees with similar experience are paid equally; all staff paid above National Living Wage. ; ; Disability awareness and inclusivity training for all staff; we’re Disability Confident and advertise via disability jobs boards. ; ; Support of universities with high multicultural student population, offering mentors and opportunities towards our entry-level consultant pathway. ; ; Supporting in-work progression and equal access to training via Netcompany Academy’s 50+ courses, a dedicated mentor for all and transparent promotion processes. ; ; A published Modern Slavery statement, in 2024 we commenced staff training to improve their knowledge around this.

  Wellbeing

  Our publicly-available Social Value Strategy sets out our pledge to improve health and wellbeing and is underpinned by Thriving at Work’s six mental health core standards and the Mental Health at Work commitment. Activities to support the pledge include influencing and education, healthcare and dental plans and company-wide wellbeing initiatives. ; ; All staff have access to optical, dental and Vitality’s private healthcare scheme - the comprehensive cover includes physical, mental health, physiotherapy and remote GPs. Our People Team conduct monthly health-and-wellness assessments, with insights/data from Vitality which are reviewed by senior teams to identify concerns and necessary interventions. Two annual surveys track lifestyle behaviours and we act on findings to develop initiatives ie: training, education and social events. Vitality offers a points-based incentive scheme - healthy behaviours are monitored and open-up rewards from cinemas, coffee shops and fitness-tracking devices. ; ; Both Vitality’s mental health provision and our Employee Assistance Programme (EAP) offer three types of talking-therapy. We have trained mental health first aiders, 1 for every 90 FTE, and advocate for a healthy work/life balance by offering flexible and remote working. Our “After Dark” social events are beneficial in bringing people together and strengthening relationships; activities include sport, creative classes and family events. All employees can improve mental health through ‘giving back’ via volunteering with our social value partners, ie: environmental greening and supporting younger people on their tech journey. ; ; Wellbeing schemes for our contract workforce include: ; ; Annual fitness challenge. ; ; Cycle to work scheme in association with Halfords. ; ; Work environment assessment supported by posture principles masterclass and yoga. ; ; Tailored lunch-and-learn influencer series with experts, subjects include menopause, fatherhood, stress-management, diet. ; ; Financial support through the EAP, plus an enhanced private pension scheme. ; ; Fair and supported career-progression, transparent twice-yearly appraisals, mentor for 100% staff, access to Netcompany Academy to upskill in over 50 courses.

Pricing

• Price: £9,500 an instance a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info.uk@netcompany.com. Tell them what format you need. It will help if you say what assistive technology you use.