Eazy Collect Services Ltd

PaySuite Direct Debit and Direct Credit Services

We provide a highly functional, flexible and secure Direct Debit and Credit Management System (DDCMS) that flexes to suit your business and how you serve your customers. For businesses to be able to take direct debit payments from customers, they need to have a Service User Number (SUN).

Features

• Cloud based Software-as-a-Service
• Direct Debit Management and Card Merchant portal
• Highly scaled API Integration or secure batch processing
• User control, authentication and management
• Real-time reporting and export download
• Provision of Service User Number (SUN) and Merchant ID (MID)
• Paperless and Online direct debit sign-up with communication module
• PCI-DSS Compliant card payment gateway processing
• Automated BACS exception and report handling
• Direct Debit Instruction setup App - iOS or Android

Benefits

• Automation and streamlining of payment or collection systems
• Removal of paper-based processes
• Introduction of electronic communications
• Cloud based services replace outdated installations
• Greater flexibility of payment scheduling or amendments
• User control and audit transparency
• Extensive range of management and reconciliation
• Improved cashflow management and reconciliation
• Cost reduction enabling re-allocation of resources
• Security of sensitive data to meet ongoing regulatory changes

£65 to £85 a licence a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Pete.Martinsmith@theaccessgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

306646023061496

Contact

Pete Martin-Smith
0845 345 3300
Pete.Martinsmith@theaccessgroup.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Billing, CRM, Accounting and Finance.
• Cloud deployment model: Private cloud
• Service constraints: Maintenance windows are minimal with the service so that we use all reasonable efforts to ensure that the SaaS Services are available for 99.70% of each calendar month. As a true SaaS solution customisation is not available although the product can be configured to meet all standard set up requirements.
• System requirements: Client User access via Cloud solution hosted securely on AWS.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Access has developed a range of support plans. Our online Knowledge base and Community service plans are available to all our clients. We have made significant investment in our client support tools. The Success portal provides around the clock access to log incidents, browse articles and videos to find solutions. Our Support teams are available M-F 9-5 ( or 8-6 on Standard/Premium) On these plans P1 cases are responded to in 1 hour. Please refer to Access for further details
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: We have a high bar for accessibility standards in the Intercom Messenger and always try to ensure an accessibility level of conformance of; AA for regular text and AAA for large text; , which means meeting the highest accessibility criteria as defined by the Web Content Accessibility Guidelines (WCAG) international standard.
• Onsite support: Yes, at extra cost
• Support levels: We provide 3 main support plans as detailed below. The Essential Plan The online service The Essential Plan is available to all Access customers as part of your license fee and provides you with easy-to-access online support for all your queries, facilitated via our Customer Success portal. The Standard Plan Get answers faster As a Standard Plan customer you benefit from faster response times and can access our support teams via telephone and live chat, as well as through our Customer Success portal. To help your team be more productive, you are provided with continued access to our e-learning content as well as a programme of Success webinars, designed to keep you up to date with new features and share best-practice advice and guidance. The Premier Plan Boost productivity with direct access to the experts and achieve a higher return on investment Our Premier Plan enables your team to achieve more and improve productivity through an ongoing relationship with your own designated Customer Success Manager. Your CSM will get to understand how you’re using the technology and will advise you on how to get more from it.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Following signature we will start with a due diligence process (KYC/KYB checks) as required by the FCA for processing payments. This is done as part of the contract signature process. Then we setup the account usually within 48 hours after the Due Diligence and Contract is complete and they’re ready to process payments.; ; If an API integration is required, we provide test account details and support to help with the integration and testing process – though this can be done ahead of signing contracts if required.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Our exit process is; The Renewals team receive the notification and undertake discussions with the client, the account manager and any other stakeholders. Once termination is confirmed, the “termination data requirements document” is sent to the client and a record created on the Offboarding register in line with internal processes. The status is set to “waiting customer”. On receipt of the offboarding document, Access Offboarding Review team will review the response, respond to any queries, annotate the record to reflect the customer requirements, upload the document and set the record to “not started” The Service Delivery team will pick up the ticket, arrange the return of data, decommission the system then they or hosting delete the data (production and backup unless “beyond access”(in which case it will be overwritten). Closure of the ticket triggers a confirmation to the customer that their data is deleted.
• End-of-contract process: Our exit process is; The Renewals team receive the notification and undertake discussions with the client, the account manager and any other stakeholders. Once termination is confirmed, the “termination data requirements document” is sent to the client and a record created on the Offboarding register in line with internal processes. The status is set to “waiting customer”. Note: In the event that a Customer does not return the document, they will be contacted again twice prior to termination and data will be deleted within 30 days from contract end as Access has no legal basis for processing from that point.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None, scaling built-in. iOS and Android app also available for field agents.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Fully secure, robust, functionality and feature rich Direct Debit Management System cloud based User platform to access customer records, input data, manage and administer payment schedules, access/download wide range of reports, perform credit control giving clients complete control. Full adherence to BACS Scheme Rules, FCA regulatory compliance, PSD2, ISO 27001, etc.. Batch upload and 2-way API facility for automated and streamlined processing.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: A complete technical specification and developer guide is provided online on Github and in PDF. Test account and client specification liaison is project managed with the API tech team. The API is multi-function with client specific options for integration. For competent persons with IT skills and API experience consistent with an integration of this architecture and complexity, there are no limitations of any concern. REST based with input via x-www-form-urlencoded data, responses in JSON.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: API is multi-functional and can be integrated according to User/Client preferences and/or specifications. The developer Guide and Eazy Collect Tech support enables the Client's equivalent qualified technical persons to complete functional requirements as needed. The Direct Debit input form can be customised to some extent and the API allows you to build the DD application into your website with third party assistance.

Scaling

• Independence of resources: Access hosted servers are monitored ensuring that the service can expand sufficiently if required. In addition to this we use automated monitoring tools to alert us when demands on resource meet or exceed certain thresholds (CPU, RAM, I/O, disk usage etc). The infrastructure is sized to deliver comfortable capacity for even our peak service periods, day-today usage currently runs at 1/3 total capacity.

Analytics

• Service usage metrics: Yes
• Metrics types: Full audit trail, User reporting and other processing MI metrics/reporting are part of standard features available with Eazy Customer Manager DD system. Real time daily processing and automation handling in response to BACS exception reporting is available through reporting modules, email notifications and self-serve functionality.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Via self-serve Cloud based web portal by authorised Users choosing a range of reports available in the Eazy Customer Manager reporting suite in multiple formats. Additional data exports not within the standard report output can be requested subject to Data Protection legislation.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats: Via API

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We will use commercially reasonable efforts to make the SaaS available 99.7% except for unavailability during emergency or routine maintenance.
• Approach to resilience: Available upon request.
• Outage reporting: Users can subscribe to email alerts giving updates on scheduled maintenance and outages. An online portal is also available to clients.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Multiple User Authorisation levels and function accessibility
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 29/08/2023
• What the ISO/IEC 27001 doesn’t cover: Nothing is excluded from the Standard.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: PCI Security Standards Council
• PCI DSS accreditation date: 24/01/2024
• What the PCI DSS doesn’t cover: Nothing as standard
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: All controls included within Annex A of the ISO27001:2013 standard. Statement Of Applicability (SOA) available on request.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All change management is undertaken in line with ISO27001:2013 using JIRA for audit purposes.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Patched and audited by our patch management system. All non-critical OS patches are applied within one calendar month of release, first into pre-production and then into production, as part of the scheduled maintenance window. AV Updates - Signatures are updated hourly. / Rules are reviewed at minimum every 3 months. Logs are reviewed at minimum every 3 months. Access staff responsible for the maintenance of our hosting services subscribe to industry newsletters, belong to various security forums and we additionally receive notifications from our vendors.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We have traffic monitoring and content based alerting which alerts on changes to the site and/or traffic flows implemented at infrastructure and application level. We proactively monitor third party suppliers (hardware, OS, application/web and database server software) vulnerability reporting and security fix availability. Any vulnerabilities found and fixes provided by third party suppliers are patched by our infrastructure team in a timescale appropriate for their level of severity. Any penetration test findings are fixed by Development in a timescale appropriate for their level of severity. Our infrastructure response is within 1 hour in the SLA period 8am-8pm Monday – Friday.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We operate a robust incident management process in line with ISO27001:2013 Staff are encouraged to report all incidents using a pre-defined process using a form available on our Company Collaborate site Incident reports will be provided following forensics and closure.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  Access places specific emphasis on the health and wellbeing of its staff and provides a “Well-being” hub in workspace that provides support for Mental Health, Finances, Social, Physical, Emotional and purpose. Assistance from Health Assured is available for all staff and there are training resources for “working in the new normal” and “Mental health and wellbeing” . Access also has “well-being” champions throughout the organisation. This is supported by monthly employee “check in” surveys and offers of flexible working for staff to meet caring commitments.

Pricing

• Price: £65 to £85 a licence a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Pete.Martinsmith@theaccessgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.