IRIS SOFTWARE LIMITED

IRIS Financials (Education)

IRIS Financials is an industry-leading financial management system configured to meet the needs of Multi Academy Trusts (MATs) - a core finance system with DfE automation, including a purchasing platform, statutory reporting functionality, and analytics that provide a clear oversight of the financial health of both individual schools and Trusts.

Features

• Unified ledger structure
• All data in a single location, with automatic updates
• Full drilldown functionality, user definable fields, no modular boundaries
• Supports the Academies Chart of Accounts and automated annual returns
• Full tracking and auditability of financial data
• Automatic prioritisation of payments and collections
• Full integration with Amazon Business and other suppliers
• Cloud-based hosting
• Live banking integration - payee verification, account reconciliation, bulk payments

Benefits

• Automatically consolidates ledger entries saving time
• Automation greatly reduces period end work
• Reporting is real-time, can be viewed in familiar formats
• Cloud hosting makes collaboration and centralisation easy
• Access to timely information across the Trust
• Integration with the wider IRIS Education suite of products
• Ability to drill down, across all data in the MAT
• Access to the IRIS Financials user base via forums
• Automatically generated reports (over 130) including statutory returns
• System evolves and grows with the MAT

£2,568.00 a user a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at BidTeam@iris.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

249541156463054

Contact

Bid Team
0344 225 1525
BidTeam@iris.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: IRIS Analytics, IRIS Financial Planner, PS People, PS Workflow, PS Credit Control, PS Emailing Suite, PS Document Attachment, IRIS Expenses, PS Purchasing, PS Reporting, PS Data Transformation Tool
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements:
  • Minimum Windows 7
  • Dual Core CPU
  • 4gb memory
  • 1gb hard drive
  • 1024 x 768 Display

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Any new ticket is responded to within 10 minutes to confirm the ticket has been created and advising the user of the ticket reference number.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: N/A
• Web chat accessibility testing: None
• Onsite support: Yes, at extra cost
• Support levels: Our support KPIs are: 90% of inbound calls answered within 30 seconds. 88% of tickets resolved within 48 working hours (tickets worked in order of priority), 93% ticket satisfaction
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: All customers will receive training as part of the onboarding process. Telephone support is available for any issues. We provide all customers with a knowledge base with detailed help guides on using the system and features.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data extraction in line with an agreed exit strategy. Backups of all data is put in a place that a nominated user can access from within the service. This data can be extracted by the user for 30 days after termination of contract.
• End-of-contract process: Exit strategy is agreed as part of any contract and customer is supported as required.Upon termination of contract - a 6 month notice period will be required in writing. The contractual payments will apply throughout this period. Once the contract has expired, we will supply a SQL database back up to be sent back to you at no extra cost. Please note in compliance to General Data Protection Regulations, we will delete all data and references to the customer from our data centre within 30 days of the expiry of the current agreement term.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Developers can create .NET code to interact with the IRIS Financials suite of products. Data is fully validated before being submitted for upload into the IRIS database. The full IRIS Financials security model is invoked during any API calls and as such users can only view and update records to which they have the given access.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Posting screens within the Accounting application can be customised by trained users via an inbuilt user-friendly wizard. In addition, business rules can be created to automate manual processes such as prepayments, deferred income and partial VAT.

Scaling

• Independence of resources: We use a private cloud so users are not affected by the demand of other users as there is no multitenancy of systems.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: There are various application level solutions that allow users to export their data including full integration with the Microsoft suite of products.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • XLS
  • PDF
  • DOC
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML
  • SQL
  • TXT

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: PS Cloud Hosted Server(s) Availability: 99.99% excluding Maintenance windows. PS Cloud Hosted Server Availability: 24/7
• Approach to resilience: Multiple redundancy of hardware and communications at every level, up to and including replication to a secondary data centre located 50 miles away.
• Outage reporting: We report service outages through email alerts and via a dashboard that is accessible to all customers.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: User profiles are built by and managed by the customer, in line with their role and with specific access control. Management interfaces and support channels are only available from our own internal networks.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 13/10/2021
• What the ISO/IEC 27001 doesn’t cover: Not applicable
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: GDPR compliance, ISO 27001, and Cyber Essentials Certified.; We have a full set of IRIS Group data privacy policies, which includes data handling processes, information security protocols, data access agreements, all in line with GDPR. These policies are reviewed on a regular basis inline with processes to ensure adherence. We also have an in house DPO that is supported by a group DPO at division level.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The configuration management process follows:; 1) Scope, The components of the service are defined; 2) References, All information about the component is collated and compiled into a (CMDB); 3) Assets register, All assets are clearly defined and recorded; 4) Baselines, These are created once a year normally during change freezes to benchmark the components and record changes; 5) Change Management, The change process interfaces with configuration management, e.g. Request for Change (FRC), RFC evaluated, RFC authorised. etc.; 6) Audits, Audits happen twice yearly to ensure a configuration item performs the function it is supposed to do and is security compliant
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: This process is documented and audited as part of our supplier's ISO27001 accreditation. The process follows the following stages:; Discovery and categorisation of network assets into predefined areas according to business risk; Vulnerability scanning schedule executed; Risk based remediation according to business risk; Remediation takes place normally in maintenance schedules; Vulnerability and fix is documented
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: There are standard IPS tools in place - (intrusion tools).; By using a combination of manual and automated tools to continuously monitor and analyse security events 24 hrs a day. The protective monitoring process covers the following stages: Detection: Monitoring platforms are checked on predefined schedules and reports created and analysed using both automated tools and manual techniques. Any potential compromises are identified. Alerting: Any indicators of potential issues such as cyber attacks are recorded and investigated. Issues are prioritised as P1 and responded to within 15 minutes Response: steps taken to safeguard the network and take any remedial action.
• Incident management type: Supplier-defined controls
• Incident management approach: All incidents managed in line with Group data security and management policies and procedures. All staff are trained.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Equal opportunity
  • Wellbeing

  Equal opportunity

  We are committed to ensuring equal opportunities at IRIS. Our CEO, Elona Mortimer-Zhika, celebrates diversity in our workplace and expects the culture and environment of IRIS to be based on mutual respect and free from discrimination. We are committed to delivering a competitive and fair employment environment. We put equality, diversity, and inclusion at the forefront of our decisions, monitor progress, take action to continually improve, and be transparent with our findings. We have a zero-tolerance approach to discrimination based on protected characteristics and any allegations of discrimination will be dealt with in line with our Disciplinary policies. We have several wellbeing groups, including Unique which provides support for physical or mental health conditions or neurodivergent people. We provide a variety of training schemes to all employees, regardless of any protected characteristic, and encourage progression through our organisation.; ; We are passionate about gender equality and are committed to building a diverse workforce. We have continued to invest in our range of programmes to support gender equality and support the women of IRIS so they can reach their full potential. These initiatives ensure that we continue to focus on making IRIS a great place to work, enable our people to flourish, improving gender pay equality and providing equal opportunity for all. IRIS Groups championing of women in leadership has been recognised as a Great Place to Work for Women. The executive team comprises of three female leaders and 11 male leaders. ; Our Modern Slavery Policy sets out the ways in which we identify and manage the risks of modern slavery as a business, including risk assessment, risk mitigation and staff training. IRIS reviews all material suppliers and assesses whether any risks of slavery or human trafficking arise.

  Wellbeing

  We are committed to engaging, supporting and empowering our workforce. We create an environment where they feel part of a team; from regular global company updates to social evenings and charity events. We’re a UK Best Workplaces™ for Wellbeing. We have over 40 Mental Health First Aiders, have a weekly workplace support group and offer a free Employee Assistance Programme and bereavement counselling. We have several wellbeing groups and celebrate diversity. We offer colleagues a cycle scheme, private medical insurance and reduced gym memberships. We hold company fitness challenges and provide free fitness sessions. We’re proud to be a Real Living Wage employer, provide UK cost of living support, offer a tech and car scheme and give access to money coaches, workplace ISAs and pension, life assurance and critical illness cover. We seek our employees feedback on benefits that matter to them.; We give our employees three ‘Giving Back’ days a year on top of their annual holiday entitlement to support local community and national charitable cause. Employees are encouraged to actively give their time and skills to fundraise for a charity of their choice and volunteer on community projects, including being a school governor, charity trustee, reading with school children through the Benchmark scheme, mentoring in schools and running money management courses, both externally in conjunction with charities and schools, as well as internally with IRIS employees.

Pricing

• Price: £2,568.00 a user a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at BidTeam@iris.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.