CODA TECHNOLOGY LIMITED

Codabill

Fully connect the process of paying candidates and invoicing clients with our pay and bill solution. Cloud-based and compliant, Codabill is designed to work your way – but better.

Features

• Bulk timesheet entry and approval for clients and suppliers
• Payroll and invoice data automatically available upon timesheet approval
• Process invoices and credit notes, tracking them in one place
• Branded end-to-end invoicing from client to supplier
• Issue refunds and credits linked to invoices
• Instantaneous syncing of pay rates and timesheets
• Direct API integration with Codapay for payroll
• Integrates with any payroll software via export/import
• Extensive reporting, including gross profit margin
• Contractor portal for timesheets and expenses

Benefits

• Unlimited candidates, pay per active timesheet
• Access Codabill on the cloud anywhere
• Free updates rolled out automatically without disruption
• Up and running within 24 hours; no setup fees
• UK based support team
• Combine multiple invoices into one consolidated invoice
• Review and download payslips/expenses at anytime
• Mobile-first, data on any device
• A vast range of reports available out-of-the-box
• Support for all payment models

£1.00 to £10.00 a transaction a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@codatech.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

270747658269419

Contact

Varun Monteiro
+447849534482
info@codatech.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Downtime may occur during planned maintenance. However, these will only occur overnight or at weekends.
• System requirements:
  • Compatible browser - IE11+, Edge, Safari, Firefox, Chrome, Opera
  • Access to internet (product is web based)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our response time SLA is 2 hours during support hours. However, we typically reply within less than 60 minutes.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: The internet can be a great enabler and source of freedom for disabled users. At Codabill, we are committed to ensuring that our services are as accessible to disabled and elderly people as reasonably possible. We aim for a consistently high level of usability for our entire audience across all of our websites, following best-practice accessibility guidelines. We engage with disabled, non-disabled and elderly people throughout website development to fully understand user requirements and ensure we produce sites that meet these. We also create specific content or tools to enable particular disabled user groups to get a better experience. Codabill is committed to sharing its experience of how to create usable and accessible websites via our accessibility standards, and by working with the wider accessibility and disability communities and the rest of the UK web industry.
• Onsite support: No
• Support levels: Support hours are 09:00 - 17:00, Mon - Fri, and is included in our standard licensing agreement. Out of hours support can be discussed on a case-by-case basis at an additional cost. Support is available by phone and email, as complimentary products to our Service Desk. Response times for P1 incidents is 2 hours, P2 is 4 hours, P3 is 8 hours and P4 is 72 hours. Our standard licensing agreement has 10 hours of support included free of charge. Any hours tracked above 10will be chargeable at our standard rate (see Ts & Cs for more information). Bespoke development is available at a standard hourly rate (see Pricing Document for more information). Customers are appointed a 2nd line technical liaison, as well as a dedicated account manager.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Upon acceptance to license our product, we set users up with their instance in DEMO mode. This can be for any length of time up to 2 weeks. At any point during this period, customers can choose to go-live, otherwise they will default to going live after 2 weeks. Remote training is included in the licensing cost; if onsite training is required, this can be arranged at additional cost. User documentation is available via our service desk knowledge base.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Users are able to extract all raw data from our system via their standing reporting dashboard (in CSV format). We are also happy to assist with an extract of database backups.
• End-of-contract process: Our SaaS contract includes setup/configuration, standard pricing for additional instances, RTU licence, training and support. Contracts are available on a 1, 12, 24 or 36 month basis, with a charge per worker processed on weekly, fortnightly and monthly bases. As the number of workers being processed can vary, we charge a minimum subscription of 40% of the contract value to ensure our costs are covered. 10 hours of support are included as standard within the licensing agreement. Additional / bespoke development is charged in addition (a feature request can be raised via our customer portal and a quote will be provided by your dedicated account manager).

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: These are purely UI changes (e.g., condensed tables, collapsible navigation menus). Feature set is the same.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The Service Interface allows users (Administrators and Standard) to access the relevant application configuration settings. Administrators can configure, manage and monitor all aspects of the system relating to their organisation. Standard users can modify their own personal settings.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: The internet can be a great enabler and source of freedom for disabled users. At Codabill, we are committed to ensuring that our services are as accessible to disabled and elderly people as reasonably possible. We aim for a consistently high level of usability for our entire audience across all of our websites, following best-practice accessibility guidelines. We engage with disabled, non-disabled and elderly people throughout website development to fully understand user requirements and ensure we produce sites that meet these. We also create specific content or tools to enable particular disabled user groups to get a better experience. Codabill is committed to sharing its experience of how to create usable and accessible websites via our accessibility standards, and by working with the wider accessibility and disability communities and the rest of the UK web industry.
• API: Yes
• What users can and can't do using the API: Our API is already accessed by several 3rd parties. We expose only necessary, GDPR compliant data. It is open and readily available to any suppliers that wish to use it as-is. Any changes required will incur development charges.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Branding and vanity URL only.

Scaling

• Independence of resources: Our infrastructure is hosted on modern cloud technology. We can separate customer data per instance as required. We also have separations of concerns within our infrastructure. As some of this is proprietary IP, more information is available upon request (under NDA).

Analytics

• Service usage metrics: Yes
• Metrics types: Certain volumetrics can be exported from our system directly. On request, we can provide any further system reports around things like performance.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can export all of their data themselves as a csv file from the reporting section of the system. We are able to provide a copy of the latest database backup upon request.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.9% availability during core business hours (9am-5pm), Monday to Friday, excluding English bank holidays. Service credits are available in our standard terms for any SLA breach.
• Approach to resilience: Available on request
• Outage reporting: Email alerts to customers from our service team. Status updates / notifications are also published via our Service Desk platform, as well as our SaaS incident monitoring platform.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Support channels can only be used by recognised and registered personnel. Management interfaces and access to them are fully controlled by the customer who can assign roles and responsibilities as required. All internal users must access over VPN.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: All staff members (permanent and contract) must sign to state they have read and understood the Information Security policies. Background checks are undertaken. We review administrator level accounts on a quarterly basis and ensure any no longer utilised are removed. Access levels to any system are commensurate to their role. We use only accredited hosting providers. We are Cyber Essentials certified, but are also pursuing ISO/IEC 27001 certification.
• Information security policies and processes: All staff members (permanent and contract) must sign to state they have read and understood the Information Security policies. A review of their understanding is undertaken annually and policies resigned. Failure is reported at CxO level. All new starters are required to read and confirm all policies and procedures and again at least annually. Any changes made during the period are notified to the whole company.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All our source code is tracked through life using Jira and Azure DevOps, which logs all changes made and any impacts. In addition, all changes made to our hosted environments follow a full electronic change control process, to ensure a robust audit trail and full compliance with internal security policies.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We use a variety of sources to recognise potential threats. We scan our environments for known threats on a weekly basis - prior to any release - to determine where any vulnerabilities may exist. Furthermore, any code fix issues can be patched and deployed within 24 hours depending on the severity of the issue. We use accredited cloud hosting providers that ensure infrastructure is regularly patched and maintained to avoid any security threats.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: We have processes and procedures in place to actively monitor and proactive resolve any potential compromises. Our hosting provider also has the same. CxO are informed of any breaches in a timely manner. Any breaches are immediately impact assessed - and the root cause analysed - so that necessary actions can be taken. Where customer data may be compromised, we would inform any affected customers as soon as it is practical to do so.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our incident management process differs based on the type and severity of incident. For more information, see Service Definition document.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  We’ve signed up to the UK Business Climate Hub, consciously selected sustainable and environmentally friendly merchandise and limit any necessary print to sustainable paper stock and ink.
• Covid-19 recovery:

  Covid-19 recovery

  We've hired several staff who were made redundant during Covid-19.
• Equal opportunity:

  Equal opportunity

  We are a diverse team of gender, age, ethnicity, religion and demographics. We hire people because of their ability and attitude, never a pre-conceived notional checklist.

Pricing

• Price: £1.00 to £10.00 a transaction a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: 2 weeks' of unlimited access to the system. Demo instances can be requested via our website.
• Link to free trial: https://www.codabill.co.uk/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@codatech.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.