Assure Expenses

Service scope

Software add-on or extension: No
Cloud deployment model: Private cloud
Service constraints: Allocate will normally perform Scheduled Maintenance activities during Out of Hours.

Emergency Maintenance may be required as a result of identifying a problem through on-going monitoring and management that could potentially cause an outage or failure of the SaaS Services. Allocate will use reasonable endeavours to provide the Customer advance notification if possible and manage such Emergency Maintenance in such a way as to minimise impact on the Customer's operations.

Emergency Maintenance may be conducted at any time.
System requirements: Please see Service Definition for full details.

User support

Email or online ticketing support: Email or online ticketing
Support response times: During Service Desk hours we will aim to respond in up to 2 hours depending on the type of query.

24 x 7 emergency support only.
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don’t know
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: Web chat
Web chat support availability: 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard: None or don’t know
How the web chat support is accessible: Users are able to type and respond to questions and get answers from our Service Desk agents.
Web chat accessibility testing: Accessibility testing is ongoing.
Onsite support: Onsite support
Support levels: Allocate Software provide a single, priority-based support model which is included, at no additional cost, within the pricing document provided. * Priority 1 - Within one (1) hour - Four (4) Support Service Hours * Priority 2 - Within one (1) hour - Sixteen (16) Support Service Hours * Priority 3 - Within one (1) Business Day - Forty-eight (48) Support Service Hours * Priority 4 - Within one (1) Business Day - Within the next Software release At the point of “Go Live” the customer shall be assigned a Customer Success Analyst who shall focus on two key areas in their support of the customer: *Software Adoption – The Customer Success Analyst will visit customers and work with them to help them on their journey to realise financial and non-financial benefits from the software. Once baseline information has been assessed, an Adoption Account Plan will be prepared to identify and address key areas to help organisations better utilise the software. *Proactive Support – Using dashboards to monitor performance, engagement and the level of adoption, the Customer Success Analyst in collaboration with Customer Support, will be able to alert concerns proactively or provide assistance where a situation could be improved.
Support available to third parties: No

Onboarding and offboarding

Getting started: Our Project Team have experience in successfully delivering hundreds of projects and will provide a proven implementation methodology in helping deliver your SelenityExpenses solution.

We will provide onsite training and/or online training from the point of implementing the solution to post implementation once SelenityExpenses is live. As standard, training is part of the implementation process to ensure users are ready to use and administer SelenityExpenses.

User documentation is available 24 hours a day via the Help and Support site.
Service documentation: Yes
Documentation formats: HTML

PDF
End-of-contract data extraction: There are two primary and secure methods for data extraction at contract end. The user can perform a data extract using the included reporting engine. The reports engine allows for data to be extracted using numerous formats including CSV, Excel and Flat-File. The secondary method is for our Service Desk to perform the data extraction and use a secure courier service to deliver the data.
End-of-contract process: The system is a stand-alone, online solution. At the end of the contract the user has no obligation to continue with the service and there are no 'hooks' within the solution that would require use beyond the desired timeframe. Data is easily extracted by the user and if performed by the user, is at no cost.

Using the service

Web browser interface: Yes
Supported browsers: Microsoft Edge

Firefox

Chrome

Safari
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: The mobile version of Expenses is a dedicated app that is native to Android and iOS. This is a real app and not a HTML browser service.

The app includes GPS tracking, full submission and approval, Driver & Vehicle Duty of Care features, credit card reconciliation and the ability to snap receipts with OCR data capture.

Some administration functions and reporting services are only available through the browser version.
Service interface: No
User support accessibility: None or don’t know
API: Yes
What users can and can't do using the API: Connect SelenityExpenses to your HR/Payroll system to seamlessly provide employee information in to SelenityExpenses and receive employee / expense information back in to your HR/Payroll system.

The system is role based and an "API" role must be enabled for any user wishing to use it. It is a RESTful API so start commands such as PUT are executed against endpoints to perform the necessary actions.
API documentation: Yes
API documentation formats: HTML
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: Any authorised user with the necessary role can customise the service. This includes colours and logos but not the layout. The functionality of the service is extremely customisable, including the ability to customise data that is captured, what is mandatory or not, some field labels, flags, calculations (including home to base calculations), reportable information and more.

Scaling

Independence of resources: AssureExpenses is a cloud-based solution which enjoys the benefits of being able to scale up or down to service demand as required. 21 years of processing expenses online has allowed us a unique insight into traffic patterns that means we can scale in advance based on time of day, year, month or even one-off events. Our Service Desk uses sophisticated monitor systems to watch for unusual usage patterns which can then trigger a scale-up in the service.

Analytics

Service usage metrics: Yes
Metrics types: Transactions and usage reports built in product.
Reporting types: Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Physical access control, complying with another standard

Encryption of all physical media

Scale, obfuscating techniques, or data storage sharding
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: There is an extensive data reporting service included within AssureExpenses. Data can be exported directly in CSV, Excel and Flat-File formats. Exports can also be scheduled to run at predetermined times. The reporting service includes graphing and charting tools.
Data export formats: CSV

Other
Other data export formats: Flat file

Excel
Data import formats: CSV

Other
Other data import formats: Excel

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: 99.8%

Actual Service Availability is calculated as follows:
Service Availability = Operational Time – service Downtime x 100 % /
Operational Time
Approach to resilience: Available on request.

Industry standard best practices are followed.
Outage reporting: For any outages or system performance issues, email alerts are sent to our users administration teams. In addition there is a message notification on the logon page to alert end-users. Planned maintenance is also communicated through these channels as well as through Circle, our online user forum. We offer a status page showing real time and historical statistics on the uptime of our products.

Identity and authentication

User authentication needed: Yes
User authentication: Other
Other user authentication: Company ID, Username and Password

and/or

Single Sign On (SAML 2.0). IP address filtering for whitelisting.

On the mobile app we can authenticate with biometric authentication and/or pin authentication.
Access restrictions in management interfaces and support channels: The system is role based with view, add, edit and delete access roles for each element in the system. A user is assigned a role(s) with a list of elements and the permissions allowed.

Support channels are accessible through our customer portal, requiring a username and password or through the products.
Access restriction testing frequency: At least every 6 months
Management access authentication: Identity federation with existing provider (for example Google Apps)

Username or password

Other
Description of management access authentication: Company ID, Username and Password and/or Single Sign On (SAML 2.0). IP address filtering for whitelisting. On the mobile app we can authenticate with biometric authentication and/or pin authentication.

For further information on our application management access, information can be supplied upon request.

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: You control when users can access audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: DNV GL
ISO/IEC 27001 accreditation date: 04/12/19
What the ISO/IEC 27001 doesn’t cover: N/A
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: Yes
Any other security certifications: NHS Digital Data Security and Protection Toolkit

Our hosting provider has further security certifications

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001

Other
Other security governance standards: Cyber Essentials Plus
Information security policies and processes: The Information Security Policy of the Company is designed in accordance with ISO27001 and GDPR to ensure that:

*The confidentiality, integrity and availability of information will be maintained at all times.
*All regulatory and legislative requirements are met and reviewed regularly
*Business continuity plans are in place and regularly maintained
*All breaches of security must be reported by employees and investigated by a Senior Member of the Management team and any necessary action taken.

This policy has been approved by the Senior Management Team and all managers are responsible for implementing the policy in their business area and ensuring adherence to the policy by their staff.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: AssureExpenses is hosted by Microsoft, as our full development lifecycle is managed using Azure DevOps. Every bug or enhancement is logged with a state and priority. The change will have wireframes and a storyboard, a coding strategy and a testing strategy before development commences. It will go through testing before following a release process in to production. Potential security impacts are captured by the Development team at code and test strategy time.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: We have automated tools in place to perform vulnerability tests, code tests, penetration tests and infrastructure management to identify threats / vulnerabilities.

When a threat / vulnerability is highlighted, we follow our ISO 27001:2013 policies and procedures around information security risk management whereby we identify, evaluate, analyse, treat and monitor. Resolution timeframes are assigned dependent on the severity. We can supply further information upon request.

Information is sourced from automated tools, trusted websites, trusted partners, and IT and Information Security roles within Allocate.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: Allocate collect multiple types of audit information and it is regularly analysed. Basic intrusion detection technologies are in place at the perimeter devices. Applications and services are monitored and reported in real time to the Allocate Operations monitoring centre.
Incident management type: Supplier-defined controls
Incident management approach: *Security Incident processes are in place for the Allocate Cloud service and are enacted in response to security incidents.
*Pre-defined processes are in place for responding to common types of incident and attack.
*A defined process and contact route exists for reporting of security incidents by consumers and external entities.
*Security incidents of relevance to them will be reported to customers in acceptable timescales.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: Yes
Connected networks: NHS Network (N3)

Health and Social Care Network (HSCN)

Social Value

Fighting climate change

Fighting climate change and supporting Net Zero

RLDatix recognises that it has a responsibility to the environment beyond legal and regulatory requirements. We are committed to reducing our environmental impact and continually improving our environmental performance as an integral part of our business strategy and operating methods. To achieve this, RLDatix has completed the following:
• RLDatix has an Environmental Policy that is reviewed on an annual basis to ensure it is relevant to the business
• RLDatix has engaged our travel partners to ensure travel is as carbon efficient as possible, i.e., recommends trains rather than flights
• Throughout all RLDatix offices we provide waste receptacles for recycling and general waste, supporting the reduction of waste to landfill
• We encourage the reduced use of water and electricity and actively encourage the staff to consider the environment whilst printing
• Many of our solutions assist our customers in reducing their own carbon footprint, i.e., assisting with route planning for community-based staff
• RLDatix is working to be carbon neutral in the next few years and achieve ISO 14001 accreditation

Many of these environmental proposals help us and will help you in your path to Net Zero. We are firmly committed to carbon reduction, as demonstrated by our Carbon Reduction Plan, published here: https://rldatix.com/en-uke/corporate-responsibility/

Pricing

Price: £17.70 to £43.12 a licence a year
Discount for educational organisations: No
Free trial available: No

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Assure Expenses

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents