Polar Moment Ltd

Palladium Web - Payments processing and sales tax / VAT calculation for ecommerce platforms

Palladium Web allows you and your clients to accept ecommerce payments through your web applications. It can connect to virtually any acquiring back or payment processor. Palladium Web can also calculate VAT/sales tax including cases where consumption and/or buyer are outside of the UK.

Features

• Simple, single integration.
• Connects to virtually any acquirer or processor in any country.
• Multi-retailer; you can offer processing to multiple clients.
• No PCI-DSS implications.
• Provides sophisticated international sales tax / VAT calculation.
• Delivers comprehensive transaction-level management information.
• Delivers bespoke business rules and tailored functionality.
• Supports your brand and your client's brand requirements.
• Delivered as a fully hosted and maintained service.
• Range of implementation and support options available, including: 24x7.

Benefits

• Accept ecommerce payments anywhere in the world.
• No need to integrate with multiple acquirers or processors.
• Avoid the cost and effort of PCI compliance.
• Build bespoke business rules around the needs of your organisation.
• Promote your brand throughout the entire transaction flow.
• Analyse sales and payments at different levels of detail.
• Low cost operation.

£650 to £800 an instance a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.deed@polarmoment.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

667851964529430

Contact

Paul Deed
01252 810061
paul.deed@polarmoment.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: None.
• System requirements: Either an API or ability to POST to a URL

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: One Hour during office hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Our support service is manned during UK office hours and can be contacted through email, telephone or by raising a ticket on the Freshdesk system directly. Extended hours support, tailored to your particular needs and including 24*7 direct telephone access, is available upon request.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: No training is required. User documentation is provided
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: We will extract contents of the database and provide in CSV format.
• End-of-contract process: We will provide a copy of the database to you before deleting all transaction data.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: UI is responsive to device size.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: Branding and tax rules as well as language can all be customised.

Scaling

• Independence of resources: The system is hosted in AWS and uses auto-scaling.

Analytics

• Service usage metrics: Yes
• Metrics types: Volume of transactions, value of transactions. Other metrics available on request
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Usually as CSV files though other formats can be provided on request.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Monthly fee would be refunded if we didn't meet agreed availability. Standard availability guarantee is 99.99%, calculated over the length of the calendar month.; No client has ever experienced any system unavailability since the first customer went live in 2014.
• Approach to resilience: The system runs under AWS and this has provided adequate resilience for current customers. Indeed, we have never had an incident of the system being unavailable.; Greater resilience can be provided on request, exploiting AWS resilience features. We are an AWS Consulting Partner.
• Outage reporting: Email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Access is restricted to the support team and the information security manager and technical director ensure that permissions are managed accordingly. Again, this is covered by an ISO27001 accredited process.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Approachable Certification
• ISO/IEC 27001 accreditation date: 22/05/2024
• What the ISO/IEC 27001 doesn’t cover: There are no exemptions
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Polar Moment's parent company, Latitude 91 Ltd. has an information security policy which is available to all staff and forms part of our ISO27001 compliance. The policy applies to too all those with access to Latitude 91 systems, including staff, contractors, clients and suppliers. It covers, but is not limited to, any systems or data attached to the company’s computer or telephone networks, any systems supplied by the company, any communications sent to or from the Company and any data that is owned by the company held on external systems.; Latitude 91 is committed to protecting the security of its information and information systems. The company will ensure that:; - information is always available to those who need it and there is no disruption to business. ; - confidentiality is not breached.; - the integrity of information is maintained.; - appropriate legal, regulatory and contractual clauses are complied with.; - the management team are committed to continually improve security.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We hold ISO27001 accreditation and manage configuration and changes through processes controlled by our quality management system.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerability of Palladium Web is reviewed with all other systems operated by the company on a bi-monthly basis, as set out in our ISO27001 processes. Unless the system is required to process refunds, the threat level is inherently low.; Patches are applied on a monthly basis.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Daily reports can be compared with customer's system to ensure that payments credited to them matches sales. ; Potential compromises would be reported to the company information security manager and resolved following the ISO27001 approved process.; All incidents would be responded to within 1 working hour.
• Incident management type: Supplier-defined controls
• Incident management approach: We operate an ISO27001 approved process for incident management. Users can report incidents through email, phone or support ticket.; Incident reports are emailed to customers.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Polar Moment and the Latitude 91 group continue to strive to meet demanding environmental, social, and sustainability commitments, aiming to be the best business we can be. As members of the SME Climate Hub (www.smeclimatehub.org), we are committed to achieving net-zero status by 2050.

Pricing

• Price: £650 to £800 an instance a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.deed@polarmoment.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.