INTERBACS LTD

BACS approved software, BACS Approved Bureau, Identity Verification, Direct Debit Management System

BACS approved software for the automation and processing of direct debits, direct credits and all supplier payments, connection to BACSTEL-IP. Full automation can be delivered via HSM and Direct Debit Management System.

Features

• BACS Approved
• Payment Automation
• Identity Verification
• BACS Reports Automation
• Integration with existing software
• 2FA is free of charge
• Payroll Automation
• Integrated Web Sign up
• Modulus Check
• Contingency Service

Benefits

• Process multiple payment files
• Verify the identity of your payers and payees
• Disaster recovery needs are met
• Work with any kind of payment file
• Submit payment files from any browser

£999.99 a licence a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@interbacs.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

689734430729861

Contact

Ben Carey or Fikayomi Agbola
01616670758
sales@interbacs.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements:
  • BACS Service User Number from sponsoring bank
  • Smart cards

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 0-2hours monday - friday
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Interbacs provide support to all customers as part of the standard terms. This can be both via telephone or helpdesk emails. The cost is included in the contract value with a team of 6 full time tech engineers supporting software clients
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: New customers are onboarded by the IT team. ; The onboard training can be done either onsite or online.; After the onboarding process is complete we provide documentation of the users reference. ; ; The typical online onboarding involves a Microsoft Teams call, where the Tech team will go over the software, how to use it and its functionality.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Docx
• End-of-contract data extraction: If a customer chooses not to renew their contract with us, they can request to send their data in a form a Excel report.
• End-of-contract process: All maintenance and support is included within the contract. Should a customer wish to add additional users, service user numbers (SUNs) or transaction licenses there are static costs that would apply. Any custom or additional development work would be agreed before commencement and be charged at a daily rate of £795

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: User interface provides multiple options for file upload for submission to BACS. All users permissions are configured pre-installation and provide segregation of duty. The interface is clear and allows for file validation, approvals & signing & sending files with access to reports and audit trail also available.
• Accessibility standards: None or don’t know
• Description of accessibility: Only permitted users can authorise files and approve them. Smart cards are needed by submitters unless an HSM is in use
• Accessibility testing: N/a
• API: Yes
• What users can and can't do using the API: Users can use our API so sign and send BACS files to BACS.; Users can make changes to their Direct Debits through our system prior to sending to BACS (If the customers has the required software licence).; User can receive API generated reports of their data.; Users can set up and manage weekly, monthly & yearly Direct Debits.; Users cannot change Direct Debit values after it has left our system
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: API integration can be dynamic and comprise multiple business systems with multiple workflows and approval processes. The payment system can be customised to meet in house system integrations and major software integrations

Scaling

• Independence of resources: We ensure independence of resources through elastic scalability, resource isolation, load balancing, real-time monitoring, and redundancy. This guarantees consistent performance regardless of user demand.

Analytics

• Service usage metrics: Yes
• Metrics types: For the BACS process usage statistics, reports are available on a dashboard, as reports & through the API.
• Reporting types:
  • API access
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Customers in our system have the choice of exporting their data in the following file formats:; .XLXS (Excel); .XHTML; .CSV; .XML
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • XHTML
  • PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats: TXT

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Microsoft authentication

Availability and resilience

• Guaranteed availability: We guarantee a high level of availability, typically 99.9% or higher, as outlined in our SLAs. If we fail to meet these levels, users are refunded according to predefined compensation terms outlined in the SLA. Refunds may vary based on the extent of downtime experienced by the user.
• Approach to resilience: Our service prioritizes resilience through redundant infrastructure, geographically distributed data centers, continuous backup, fault-tolerant architecture, and stringent security measures. While specifics of our data center setup are available upon request for security reasons, rest assured it aligns with industry standards for resilience and reliability.
• Outage reporting: Our service promptly notifies users of outages via email alerts, ensuring transparency and keeping customers informed about the status of our services.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access to management interfaces and support channels is restricted through role-based access control, multi-factor authentication, and privileged access management. Network segmentation isolates these channels, while audit logging monitors all activities for security.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials Plus; Cyber Essentials
• Information security policies and processes: We adhere to stringent information security policies and processes, including access control, data encryption, regular audits, incident response planning, and employee training. Our reporting structure includes dedicated security officers who report directly to executive management. Continuous monitoring and enforcement measures are in place to ensure compliance, with non-compliance addressed through disciplinary actions and corrective measures.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We track service components throughout their lifecycle using a version control system. Changes undergo rigorous assessment, including security impact analysis, before implementation.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: We assess threats through continuous monitoring and threat intelligence feeds. Patches are promptly deployed through automated systems. Information about potential threats is sourced from reputable security advisories and vulnerability databases.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: We employ continuous monitoring and anomaly detection to identify potential compromises. Our incident response plan ensures immediate action, with escalation procedures for severe incidents. We prioritize swift response, aiming to contain and mitigate within minutes or hours.
• Incident management type: Undisclosed
• Incident management approach: Our incident management processes include:; ; Pre-defined Processes: We have pre-defined procedures for common events, ensuring consistent and efficient handling of incidents.; ; User Reporting: Users can report incidents through a dedicated support portal, email, or phone hotline. We provide clear instructions on how to report incidents effectively.; ; Incident Reports: After resolution, we provide incident reports detailing the nature of the incident, actions taken, and recommendations for preventing recurrence. These reports are shared with relevant stakeholders to ensure transparency and learning opportunities.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity

  Tackling economic inequality

  Interbacs are UK Based SME with over 20 years trading. Typically government bodies have opted to work with venture capitalist backed or private equity funded UK Bacs approved suppliers. As we are fully owned, financed & operated within the UK we strive to keep public money within the local economy

  Equal opportunity

  As an LGBTQ owned business Interbacs has a strong diversity ethos and provides opportunities to a significant minority workforce with less than a 25% of its workforce classified as white/British/straight

Pricing

• Price: £999.99 a licence a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@interbacs.com. Tell them what format you need. It will help if you say what assistive technology you use.