SQEPTECH LTD

SQEPpay UK Payroll SaaS and Managed Payroll Services

SQEPpay is a modern UK Cloud Payroll solution, fully integrated with HMRC with a modern, intuitive user interface providing depth of functionality and REST API, with a competitive pricing SQEPpay is cost-effective solution for all businesses, small or large, with no extra charge for additional including my pay data app.

Features

• Automated UK Payroll
• Powerful Comprehensive API
• Real Time Reporting
• Pension Management
• Holiday & Statutory Payments
• Expenses and Benefits
• CIS Supported
• Customisable Payslips
• Manage Pay Grade & Spine Points
• Payroll Warnings improving payroll accuracy

Benefits

• Covers United Kingdom and Outside of UK
• Automated Payroll features minimising manual effort
• Manage multi employee pensions and roles
• Manage employee Statutory Payments through the portal
• Manage employee expenses and benefits through the portal
• Manage payments for Contractors and Sub-Contractors through CIS
• Manage Payroll Bureau Functionality
• Manage National Minimum Wage
• Manage employee holiday pay through the payroll platform
• Managed Payroll Services

£3.25 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@sqeptech.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

402813659404144

Contact

Roberta King
+447734112102
contact@sqeptech.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: It can be integrated with HR, Time and Attendance, Workforce Management, Pension and Finance systems.
• Cloud deployment model: Public cloud
• Service constraints: Solution is UK only; but can service payroll for UK nationals living outside the UK
• System requirements:
  • Access to internet connectivity as the solution is SaaS/Cloud based
  • Safari, Google Chrome, Firefox, IE11 and above

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Business working hours Mon-Friday 9.00 - 17.00; slower response during the weekend. ; Typical support responses times:; • Priority 1 – 1 working day; • Priority 2 – 3 working days; • Priority 3 – 10 working days
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Customers can contact the SQEPtech support team via support@sqeptech.com indicating issues and their estimated level of priority as follows:; • Priority 1 – fail in operations; • Priority 2 – reported bug or issue without a workaround in place; • Priority 3 – reported bug or issue with a workaround in place ; ; SQEPtech will endeavor to apply fixes to the reported issues in line with the reviewed priority level as follows:; • Priority 1 – 1 working day; • Priority 2 – 3 working days; • Priority 3 – 10 working days; ; Managed services support level can be put in place, costs varying on number of payslips required to be produced on a monthly basis. ; ; Account Manager and/or Client Success Support available depending on type of contract.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Online Help / Online User Documentation, Interactive help, New Feature walk throughs; The following services are available:; * access to Support Team; * 1-2-1 user training and shadowing (at additional cost)
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Excel files
  • Csv files
• End-of-contract data extraction: Data can be exported via excel files, csv files, or can provided directly from the database in html format or other formats required by individual clients. Standard reports can also be used.
• End-of-contract process: We work with the client to ensure a smooth off boarding process. Exact details will depend upon the client and the system or service provider they are moving to as well as timing within the tax year. When a payroll service comes to an end, it is important to ensure the following are issued:; * Payroll Master Data; * Payroll Additional Data; * Payroll results including YTD balances; * Any supporting documents held in relation to payroll transactions; * P45’s if the employees and new payroll will have a new tax code; Historical data can also be provided if requested.; Dependent upon the detail of the off boarding required costs are typically 50% of last annual cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The DevOps team has access to the environments for monitoring and support services. Access to personal data is only granted on a ‘needs must’ basis
• Accessibility standards: None or don’t know
• Description of accessibility: .
• Accessibility testing: .
• API: Yes
• What users can and can't do using the API: When you connect the SQEPpay API to your HR, accounting, payment, or time and attendance software. In a few simple clicks, you can seamlessly sync SQEPpay payroll features (including PAYE, pension, and more) to other applications.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: Information concerning future usage of key services is collected as part of the regular our SaaS service review process. SaaS customers are asked to highlight any known increases or decreases in the usage of existing services and any other business events likely to impact on the effective provision of service.; Data regarding the current usage of technical resources is collected via several monitoring tools and is analysed quarterly to identify trends.; Currently the application resources are sized to support the existing customer base at peak times. Work is in progress to enable auto horizontal scaling.

Analytics

• Service usage metrics: Yes
• Metrics types: Data about the utilisation and usage of the system is available via dashboards. Metrics include:; * Number of users;; * Number of payslips generated.; Datadog provides monitoring of the platform. Gainsight provides usage data to allow us to identify areas of the application to improve and also to surface tips and advice to customers.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: IRIS

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Payroll databases use Transparent Data Encryption (TDE) to protect data at rest.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Standard reporting available in the portal; reports can be exported via csv, excel or pdf type files; Custom reporting is also available; custom reports, same as the standard reports can also be exported in csv, excel or pdf format
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel
  • PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Excel
  • XML

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Data in transit is secured end to end using TLS 1.2 or higher. Any data passed to IRIS for support purposes is sent via secure FTP and stored and processed as per IRIS secure data policies.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Ensuring the product is legislatively compliant ; First point of call for answering Data Protection Queries ; Conduct annual training ; Adherence to General Data Protection Regulations

Availability and resilience

• Guaranteed availability: Save during routine maintenance and upgrades, we will use reasonable endeavours to ensure that SQEPpay Payroll is available at least 98% of the time within each calendar month between the hours of 8.00 am and 8.00 pm.
• Approach to resilience: Hosted in Azure Cloud. Regular backups in place. Production information is not physically hosted on any SQEPtech premises, and is managed (together with disaster recovery, failover and information security continuity) by Microsoft Azure (https://azure.microsoft.com/en-gb/overview/trusted-cloud/compliance/). ; Backups are taken regularly within the Azure hosted subscription to provide contingency if any of the supplier mitigations fail: Azure SQL databases are backed up in full on a weekly basis. Differential backups are made every 12 to 24 hours. Transaction and log backups are made every 5 to 10 minutes. Point in time backups are retained for 7 days.; Azure Cosmos databases are backed up every 240 minutes. Backups are retained for 8 hours, with 2 copied retained in geo-redundant storage.; Code configuration is controlled within version control. In the highly unlikely event of disaster recovery failing for any supplier, environments can be created through recreating these replicable environments via infrastructure-as-code scripts.
• Outage reporting: Outages are reported via email. Datadog active monitoring and alerting in place to alert internal teams. Service status API available for customers to query.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: Password and Authentication Policy: This policy describes the authentication requirements for accessing internal computers & networks and includes those working in-house as well as those connecting remotely. Every person, organisation, or device connecting to internal IT resources and networks must be authenticated as a valid user before gaining access to SQEPtech's computer systems, networks, and information resources.
• Access restrictions in management interfaces and support channels: Those with support level access can only view companies which have support access enabled. This is set by the customer.; There are various levels of user which controls what they have access to:; * Owner-Full access. ; * Admin-Full access to a specific subset of data.; * Reviewer-Primarily read access, can't generally make changes.; * Editor-Limited ability to edit user data but below the level of the admin role
• Access restriction testing frequency: Less than once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials.
• Information security policies and processes: A comprehensive information policy is backed by specific, detailed polices applied company-wide. Commitment to the delivery of information security is led from the top of the organisation, with the senior team holding monthly information security reviews. ; Top management ensure that systematic reviews of performance of the programme are conducted to ensure that information security objectives are being met. ; Cyber Essentials principles underpin this practice. ; The policy and supporting policies are endorsed by Management at all levels. Policies are reviewed annually as part of the ongoing security improvement program and documented in the Information Security Management System Policy (ISMS). ; Policies cover ISMS, access control, passwords, software development, cryptography, data protection and data privacy, anti-malware and patching, monitoring and logging, incident management, business continuity, the use of media, data retention, suppliers, HR security, change management, remote working, back-ups, social media and internet use, cloud computing and risk assessment and treatment.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The change management process controls changes to IT services and associated components are recorded and then evaluated, authorised, prioritised, planned, tested, implemented, documented and reviewed in a controlled manner.; A change review board assesses the impact of all system and software changes. Major architectural changes are reviewed by an architecture review board (ARB) for security, service level, and complexity issues. All versions due for release to any client must have prior undergone Quality Assurance and Release Management process to ensure that changes to issued software are controlled, are thoroughly tested, and are of high quality.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Potential threats are identified via suppliers, Microsoft, NCSC and similar bodies. Regular vulnerability scans/pen tests are also carried out.; The assessment is carried out in-house or by an external company, and typically covers: -assessment of the security of all routes into the internal network from the Internet; -Externally-facing web servers; -Business critical servers on the internal network.; Where configuration changes are recommended, these are actioned through the change management process so that appropriate controls are in place for testing, risks assessment and backout.; Payroll Team ensure that internal systems are regularly patched with the operating system and software updates.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Various monitoring and alerting tools are used primarily within the Azure Security Centre; Regular reviews are performed of the dashboards and audit logs and any identified incidents investigated and if appropriate actioned.; Alerts are investigated immediately. Other flagged incidents are reviewed on an at least weekly basis.
• Incident management type: Supplier-defined controls
• Incident management approach: SQEPtech has a set or pre-defined processes for managing and recovering from common events. These are regularly tested via incident management exercises. The steps: event occurrence; event detection and notification; logging; event correlation and filtering; actions as needed; action review; incident close.; Personal data breaches are investigated by SQEPtech's Data Protection Officer, who will inform and advise regarding communication to the affected Client(s) directly without any undue delay and will inform the Information Commissioner’s Office as appropriate.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  SQEPtech takes action to combat climate change covering energy use, emissions and waste including from transportation and consumables. This includes: regular review of IT infrastructure needs to minimise energy consumed by this infrastructure and the minimisation of business travel to reduce transport-related emissions by using Teams and remote working tools extensively.

  Covid-19 recovery

  SQEPtech's business is fully remote and hence supports effective social distancing and remote working. This also assists those members of staff from both SQEPtech and the client who are shielding or supporting CEV individuals. As a fully remote company, it is able to host all meeting remotely, maintaining social distancing and avoiding travel (however, where required by a client SQEPtech's team members are able to meet at the client's site). As SQEPtech takes on new contracts and continues to grow its fully remote working business model facilitates it to create new jobs and recruit new employees from across the UK.

  Tackling economic inequality

  As a technology start-up company SQEPtech is a fully remote company within the United Kingdom and is able to staff its team from skilled workers across all the regions within the UK. As SQEPtech takes on new contracts and continues to grow its fully remote working business model facilitates it to create new jobs and recruit new employees from across the UK. Additionally, SQEPtech's business model enables it to employ staff from groups that may find it harder to re-enter employment such as those caring for children or with other caring responsibilities. SQEPtech has a Code of Business Conduct that sets out its fair and responsible approach to working. This is supported by policies including data protection, data privacy, ethical trading, modern slavery, anti¬ bribery & corruption, gifts & hospitality, equality & diversity, environmental management and health & safety.

  Equal opportunity

  SQEPtech has an Equality & Diversity Policy which all team members must comply with. This is reflected with our Code of Business Conduct as this extract shows: "Diversity & Inclusion We value all our people, regardless of background and experience. We value all the skills and ideas our people bring to bear on developing and delivering solutions to clients and to internal customers. SQEPtech's strength is in this diversity. Diversity & Inclusion We: -Respect the contribution of all. - Embrace inclusive practices. -Treat others with respect, dignity and expect to be treated this way in return. -We encourage people to collaborate and contribute to activities. -Manage compensation and promotions fairly based upon performance. -Speak up when we see, hear or experience any form of discrimination."

  Wellbeing

  SQEPtech has a culture that supports our team's wellbeing through creating and enabling team members to develop a work-life balance that works for them. This builds upon a fully remote structure and extends to how SQEPtech team members manage their working hours, SQEPtech has a health & safety policy, signed by the CEO. This is the main statement from the policy: "SQEPtech considers health, safety and environment matters to be important principles of ethical business. This policy applies to all of SQEPtech's operations wherever they are carried out and is reviewed, and if necessary revised, on an annual basis. The Chief Executive Officer has overall responsibility for implementing this policy. We do not compromise over the health & safety of our people. We balance social, environmental and economic priorities to create value for all our stakeholders. We protect and improve the environment wherever we can. We are committed to continuous improvement in both our performance and management of health, safety and the environment."

Pricing

• Price: £3.25 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@sqeptech.com. Tell them what format you need. It will help if you say what assistive technology you use.