Liberata UK Ltd

Liberata Finance & Accounting and Payment Solutions

Finance and Accounting solutions comprising full financial transactional processing and reconciliation solutions. Receipting and payment solutions support multiple payment and receipting channels and include emergency and contingency payment options. BACS approved commercial Bureau. Cloud based services include various integration options including API and other interface solutions.

Features

• Finance and accounting transaction based services
• Consumption based pricing and usage model
• Expert financial reconciliation solutions
• End to end financial process solutions
• Expert implementation support
• Full reporting, accounting and IT support wrapper for services available
• Specialist public sector banking services
• Multiple input / output options and formats available
• Integration, data transformation solutions
• Fully accredited BACS Bureau and secure cheque printing solution

Benefits

• Supports integration of existing systems and applications
• Avoids costly integrations and reduces manual intervention
• Tried and tested low risk solutions
• Step change cost savings
• Business process automation and simplification
• End to end solution, including accounting and audit requirements
• Improved accuracy and efficiency levels
• Reduction in error and fraud
• System enforced validation and control ensures consistency and data integrity

£0.01 a unit

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidadmin@liberata.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

732904267444233

Contact

Bid Co-ordinator
020 7378 3700
bidadmin@liberata.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: None.
• System requirements:
  • Majority of services are browser based.
  • Citrix client required for some solutions

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Email accounts are monitored during service hours, acknowledged within 15 minutes and all emails received would be reviewed within one hour of receipt. Response times would vary depending on the severity of the issue in accordance with our published support SLAs.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: P1 – Response Time – 15 working mins / Fix Time – 4 working hours; P2 – Response Time – 1 working hour / Fix Time – 8 working hours; P3 – Response Time – 2 working hours / Fix Time – 16 working hours; P4 – Response Time – 4 working hours / Fix Time – 7 working days; ; Additional support can be provided based on specific client requirements, incremental pricing per standard rate card
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Liberata has, as part of its standard implementation template set, standard project plans highlighting the normal tasks and timeframes associated with the implementation of Cloud services. The templated project plans will be used as a basis for an individual client implementation and the Liberata Project Manager allocated to the project will update the plan to take accord of any specific client dependencies and constraints which may impact the implementation timeframes. Once baselined the project plan will be maintained by the Liberata Project Manager and reviewed periodically with the client project team highlighting any task slippage and any risks and issues which require highlighting on the RAID log, also maintained by Liberata and shared with the client. ; Guidance documentation is available, and where appropriate as part of initial engagement Liberata would host one or more workshops with customer representatives to understand requirements and confirm scope of solution. During these workshops Liberata would provide full details/explanation of functionality available in order for customers to identify key elements to be made available to satisfy their requirements. This would include basic configuration requirements and options together with review and confirmation of interfaces and other inputs / outputs.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats:
  • Open API (also known as Swagger)
  • Xml
  • Csv
  • JSON
• End-of-contract data extraction: The extract of data and secure provision of this data is supported by Liberata. We would define precise data requirements with clients as part of our exit process.
• End-of-contract process: Liberata has, as part of its standard contract exit template set, standard project plans highlighting the normal tasks and timeframes associated with the exit process. The templated project plans will be used as a basis for an individual client exit and the Liberata Project Manager allocated to the exit project will update the plan to take accord of any specific client dependencies and requirements. Once baselined the project plan will be maintained by the Liberata Project Manager and reviewed periodically with the client project team highlighting any task slippage and any risks and issues which require highlighting on the RAID log, also maintained by Liberata and shared with the client.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: User presentation layer is reactive - no difference in functionality
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Our services utilise various interfaces depending on the solution, this can range from swagger documents, JSON for APIs, file specifications for SFTP transfers in XML, JSON, CSV, Excel forms. Users of our solutions can access via a URL across a range of devices
• Accessibility standards: None or don’t know
• Description of accessibility: Browser based access to services
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: APIs have a degree of flexibility so would be managed at customer level to minimise impact on customer development requirements
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: There is flexibility that can be applied within our solutions. This would be agreed in discussion with customers as customisation / individual requirements can be delivered subject to this remaining within overarching solution design.

Scaling

• Independence of resources: The hosting platform has been scaled to support user growth. When new clients are onboarded, additional capacity will be added as required based on an assessment of the number of users/solutions implemented. Additional capacity is also added as part of ongoing service management based on predicted growth rates. Our systems are monitored and can scale out as indicated by the monitoring service.

Analytics

• Service usage metrics: Yes
• Metrics types: Report detailing performance and volumetrics for each solution to customer has access
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Would depend on solution - csv, excel, xml etc
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • Excel
  • Xml
  • .dat
  • .txt
  • Json
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • Excel
  • Xml
  • .dat
  • .txt
  • Json

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.75% during business hours.
• Approach to resilience: We design resilience into our services across all layers, with no single points of failure. The management of the platforms ensures both security and availability are at a premium. Further information available on request.
• Outage reporting: Liberata provides a forward schedule of change detailing planned service outages. In addition we provide incident communications for any unplanned outages that may occur.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: The standard out of band services are restricted to administration/ support staff who are security cleared to the appropriate levels based on CESG guidelines
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 19/04/2010
• What the ISO/IEC 27001 doesn’t cover: IT hosting outsourced to a third party (other than using our current hosting provider)
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Security governance is based on the ISO27001 management system and is underpinned by formal governance boards and the following policies:; Corporate IT Policy Handbook; Business Continuity Policy; Physical Environmental Security Policy; Security Management Plan (restricted document); Data Asset Management; Information Classification Matrix; Document Management Retention Policy

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The Change Management Process is aligned and certified to ISO20000 IT Service Management (ITMS) A UKAS accredited body performs external audits to test the policy and procedural compliance to ISO20000. A Change Advisory Board (CAB) set the requirements to which the life cycle of change is managed.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Regular scanning is in place to identify vulnerabilities and the required remediation implemented to a defined plan to comply with PSN and ISO27001
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Servers have security logs in Audit Collection Services, within Microsoft System Operations Manager. Managed network devices have security logs shipped to Cisco Monitoring, Analysis and Response solution. ; ; Logs are retained for at least 6 months including: ; User or process Unique ID; ; Date and time of event; ; Physical or logical address; ; Type of service executed; ; Privileged command executions; ; In-bound email traffic claiming origination from PSN addresses or from 'null' addresses; ; Excessive outgoing web traffic; ; Regular data exchanges with external addresses; Log record changes. ; We have a SyOPs document which details the frequency for manually validating access controls and firewalls logs, etc.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are managed via the Service Desk with an incident management team responsible for coordinating and directing the response

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • Other
• Other public sector networks: Currently connect to a Central Government Department network (existing customer)

Social Value

• Fighting climate change:

  Fighting climate change

  We are working towards achieving net zero emissions by 2040, and our plan is published on our company website. We are already making progress to achieve this including:; ; • Emissions Reduction Targets- Achieve a 100% reduction of direct carbon dioxide equivalent (CO2e) emissions by 2040. We project that carbon emissions will decrease over the framework duration by 345.4 tCO2e by 2026. This is a reduction of 31% compared to the 2020 baseline. ; • Energy-efficient Data Centres – Delivering scalable platforms reducing carbon production by 65% compared to traditional hosting; • Hybrid Working Programme – Enabling more flexible working to encourage individuals back into work and reduce travel related carbon emissions by up to 96%; • Sustainable Transport Scheme – Including electric car purchase and cycle to work initiatives alongside favourable car allowance schemes for use of electric/hybrid cars for business purposes; ; We also have projects and working groups in place covering the following initiatives:; ; • Full Implementation of ISO 14001; • Procurement of energy supplies from renewable sources; • Decarbonisation of heating systems; • Increased reuse and recycling of consumables; • Co-location of data services to low carbon centres
• Wellbeing:

  Wellbeing

  Our Giving Back Social Value programme invests in supporting our employees, struggling families and the most vulnerable to address their health and wellbeing. Every product or service sold contributes towards the Giving Back funding which is allocated to delivering initiatives across the UK. The initiatives that we deliver include: ; ; • Sports Team Kits - Providing match kit and equipment for local youth sports teams to ensure greater participation and improve wellbeing; • Volunteer Programme – Supporting activities including: school reading and writing CV building, interview skills & cycling proficiency; • Crowdfunding Programme – Managing initiatives to support community developments ; • Outplacement/Career Coaching Services – Delivering tailored programmes to help those struggling with their mental health or anxiety to secure new opportunities ; • Summer of Love – In partnership with the British Heart Foundation, we promote Health & Wellbeing across the business and offer free of charge comprehensive health-checks (blood pressure, heart-rate, metabolism, BMI for information and recommendations to maintain a healthy lifestyle). The recent theme has been on ‘mindfulness’, considering the importance of mental health through the pandemic; ; In addition we have a dedicated local Health and Wellbeing co-ordinators at each of our sites from which we deliver this service who are there to promote the wellbeing of our employees and residents and host fortnightly 15 minute sessions on a variety of health initiatives including meditation, yoga and relaxation techniques which are available to all employees during the working day. ; ; Other initiatives include free eye testing and flu vaccinations along with resilience workshops run with Renovo who are part of the Liberata organisation. We also have our Employee Assistance Programme which provides support, counselling and advice to all employees and family members free of charge and is available 24/7.

Pricing

• Price: £0.01 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidadmin@liberata.com. Tell them what format you need. It will help if you say what assistive technology you use.