GoCardless

GoCardless Recurring Payments Platform

Over 75,000 organisations use GoCardless to automate collecting money from bank accounts via direct debit and open banking.

In government, our clients include the DVSA, the Cabinet Office and local Councils.

Other customers include the Guardian and Ovo Energy.

Features

• Flexible payments; collect on any day of the month.
• Take subscription payments, variable invoices or one off payments.
• Collect instant payments via open banking.
• Pre-built integrations via partners for simple implementation and operation.
• Bacs approved and ISO27001 certified, FCA regulated.
• Access to industry leading API including webhooks and client libraries.
• Real-time notification of failed or cancelled payments.
• Automatically and intelligently retry failed payments.
• Go-live in as little as two days, with SUN provided.
• Deploy the product to meet your unique use case(s).

Benefits

• Automate processes with pre-built integrations.
• Build your own custom integration with our industry-leading API.
• Fully branded payment flow or customise payment pages/email notifications.
• Less admin: automated payment collection and real-time payment status notifications.
• Save time with automatic renewals: no more chasing repeat payments.
• Improve customer support: instant notifications on payment failures and cancellations.
• Reduce payment failure rates with automatic bank account verification checks.
• Benefit from GoCardless' continued development of anti-fraud solutions

£4,800 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at government@gocardless.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

976103020646297

Contact

Public Sector team
020 8338 9537
government@gocardless.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: GoCardless has over 250 integrations with Accounting, Billing and CRM systems, such as Sage, Salesforce and Zuora.; ; You can search our partners here: https://gocardless.com/partners
• Cloud deployment model: Private cloud
• Service constraints: Very occasionally we have planned downtime for important database maintenance. Customers are notified via email well in advance of this. You can also view the status of GoCardless here: https://www.gocardless-status.com/. Uptime for the last year at the time of writing is 99.99% (1st May 2021-1st May 2022).
• System requirements: Access to the internet via browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our Customer Support team has set SLAs for response times, depending on the customer success package chosen. You can find an overview here https://gocardless.com/solutions/customer-first-support-and-services/ and in our service definition document.; ; We offer support by phone and email; customers on our Premium package have access to priority phone lines and 24/7 support. ; ; GoCardless also offers an award-winning online support centre, which can be accessed below:; https://support.gocardless.com/hc/en-gb.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Our Support Team is based in London and provides phone and email support. Standard support is provided from Monday to Friday 9 am to 6 pm. You can find an overview here https://gocardless.com/solutions/customer-first-support-and-services/ and in our service definition document. Customers on our Premium package have access to priority phone lines and 24/7 support. ; ; GoCardless also offers an award-winning online support centre, which can be accessed below: https://support.gocardless.com/hc/en-gb; ; GoCardless has won Customer Support awards for its online support services. **“Most Effective Self–Service Initiative” at European Contact Centre & Customer Service Awards * *
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: GoCardless offers the following help to government services get started collected payments:; - Onboarding training following a train-the-trainer model; - Getting started section including tutorials and videos by topic in the GoCardless Support Centre and Knowledge Hub: https://support.gocardless.com and https://hub.gocardless.com/; - Guide to getting started with building an API integration: https://developer.gocardless.com/getting-started
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: - Extract customer/mandate data via the 'bulk change' process of migrating your customers' mandates from GoCardless to another Direct Debit provider (free of charge).; ; - Run and export payment and mandate reports (including dates, amounts and other historic information regarding payments taken, payments attempted, mandates setup and any additional customer information, such as unique reference numbers) in .csv format.
• End-of-contract process: We offer rolling and fixed-term contracts. ; ; To cancel the contract, simply email your Account Manager, or our Support Team on help@gocardless.com, requesting for your account to be terminated. ; ; The contract will then be cancelled in accordance with its terms, and fees will discontinued as appropriate.; ; There are no cancellation fees, and no other associated fees with cancelling the service. ; ; We will 'bulk change' / migrate your customers from GoCardless to another Direct Debit provider at the point of service termination for free, if required.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The GoCardless website is responsive to ensure it can be used across all devices.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Dashboard & API
• Accessibility standards: None or don’t know
• Description of accessibility: Accessibility considerations are a fundamental part of the design of the GoCardless dashboard. All updates and releases consider accessibility, and we work towards meeting WCAG AA standards in all of our components.
• Accessibility testing: None at the time of writing. As above, we work towards meeting WCAG AA standards in all of our components.
• API: Yes
• What users can and can't do using the API: The GoCardless API allows you to create a custom integration connected to your existing software, in a way that best meets your unique needs. ; To use our API, customers sign up for a GoCardless account and create an access token which provides access to our API. ; Requests can then be submitted to our API by providing this access token when sending an HTTP request. ; GoCardless provides clear API documentation, pre-built code samples for popular programming languages and a free sandbox testing environment. We also provide onboarding and solutions engineering expertise, as well as free technical support for any questions.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: GoCardless allows you to create a fully customised payment solution. Our modern API enables you to build a custom integration into your existing business systems. This customised solution includes:; ; 1. Customised payment pages; 2. Customised notification emails for citizens.; 3. Your service or entity name on the end customer's bank statement.; ; If your needs are for something simpler to operate or faster to deploy, you can instead use the GoCardless hosted payments pages and our notification emails.

Scaling

• Independence of resources: We apply a rate limit to all API requests, to prevent excessive numbers of simultaneous requests from an individual integrator degrading the API experience for others. Currently, this limit stands at 1000 requests per minute, per merchant. If you are making requests from a partner integration (on behalf of a merchant), the rate limit is 1000 requests per minute per merchant. See rate limiting https://developer.gocardless.com/api-reference/#making-requests-rate-limiting

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: We use data centres that comply with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Merchant end users can export their payment and mandate creation reports to an Excel file.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We have an SLA for platform availability, with the top level of availability being 99.9%. We provide provide service credits in the result of it not being met, on a sliding scale.; ; Uptime for the last year at the time of writing is 99.99% (1st May 2021-1st May 2022).
• Approach to resilience: Available on request.
• Outage reporting: Updates in live time are available at:; https://www.gocardless-status.com/; ; Merchants are notified via email in advance for scheduled outages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: GoCardless admin users need to be on company VPN and use two-factor authentification;; Infrastructure access is also under VPN and on a per-user basis.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: The British Assessment Bureau
• ISO/IEC 27001 accreditation date: 23/09/2016
• What the ISO/IEC 27001 doesn’t cover: We can provide the Statement of Applicability that accompanies our ISO 27001 certification, on request.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Security work is coordinated by a designated group of managers and specialists which meets quarterly to assess the effectiveness of ongoing internal audits and security risk management. It is formed of individuals from different business functions, the majority being engineering staff. Progress is periodically reported to the Chief Product and Technology Officer. A security performance report is submitted annually to the CEO and the senior management team for review.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Technical changes and their impact on security are evaluated as part of the project scoping and delivery workflow. Mandatory peer reviews of code and technical stability is evaluated through unit and integration testing. ; Code and configuration files are managed using Github for version control, shared ownership and code review.; Software changes are integrated continuously including automated evaluation of code quality and running of unit and integration tests.; All urgent security patches are applied immediately and other updates as soon as reasonably practical.; Business and compliance changes are evaluated as part of routine weekly senior management meetings and quarterly Board meetings.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: We use a third party.; ; GoCardless applies all urgent security patches immediately and applies other updates as soon as reasonably practical.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: In the event of a serious incident, GoCardless will inform affected merchants and partners without undue delay, providing a summary of the extent, expected impact and status of the incident. Details for contacting GoCardless about that incident will be communicated with that information. Status updates will follow at regular, frequent intervals that will be determined during triage of the incident.
• Incident management type: Undisclosed
• Incident management approach: A team of experienced site reliability engineers is responsible for responding to technical and security incidents, and they follow a pre-defined process. The duty engineer role rotates weekly and the designated engineer is available to respond 24/7. Additional members of the team, including engineering managers can be contacted in the event of a particularly complex incident. Users can report issues via our normal support channels.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  We are committed to reducing our impact on the environment and to leaving a more sustainable world for future generations.; ; In 2021, we became co-founders of the Tech Zero coalition, a group of businesses committed to taking climate action as part of the UNFCC Race To Zero. Since then, we became signatories of Business Ambition for 1.5°C, committing to set both short-term and long-term emissions reductions in line with the Science Based Target initiative Net Zero standard.; ; We have launched Sustainability Strategy and Net-Zero action plans. These set out our long-term strategy of not only reducing our impact, but seeking opportunities to create positive change. ; ; This also sets out our Science Based Targets for 2027 (short-term target) and 2035 (Net-zero).; ; Our Net-Zero action plan outlines how we plan to reduce our emissions and reach these targets by working with our customers, suppliers, and our employees.; ; We are continuously measuring and reviewing our progress. We are also creating tools to help our business partners to also create sustainability plans.; ; Additionally, we have reduced our market based scope 1 & 2 emissions by 90% since 2019 (in 2022 this reduction will reach 99%), and have developed a pilot project with one of our customers (the Big Clean Switch) to ensure the energy from customers' use of our product - alongside home working energy - is either provided by renewable energy, or matched.; ; You can read more about our sustainability initiatives, and find our action plans as well as other resources, here: https://gocardless.com/sustainability
• Equal opportunity:

  Equal opportunity

  We want GoCardless to be a diverse, inclusive and fair workplace for all and so we have increasingly placed a focus on Diversity and Inclusion (D&I). Our ambition is to look beyond pure demographics and foster a culture where true diversity of thought is nurtured and recognised as adding undeniable value to how we do business.; ; As part of this, GoCardless continuously reviews both our hiring processes and channels to eliminate bias. We’ve introduced programs that attract diverse talent and we continuously seek to create hiring experiences that are fair, transparent and accessible by all.; ; We are working on creating a transparent framework for how we grow and develop talent in a scaling organisation. This will include bringing more clarity on internal career opportunities and provide clear expectations on the behaviours we want to see aligned to our values and commitment to building an inclusive organisation.; ; Additionally, the introduction of systematic processes helps us ensure compensation decisions are data-driven, fair and competitive. We have also invested in Reward capability and expertise to ensure we bring pay equity into every step of the employee journey.; ; Lastly, GoCardless has volunteer employee resource groups (ERGs) to promote BEAM, gender equality, LGBTQIA+, and accessibility interests across the company, as well as give employees a community of people with whom they share experiences and interests.; ; You can read more, and find our gender pay gap report, here https://gocardless.com/about/diversity-inclusion; ; Our latest blog post on our gender pay gap report can be found here: https://gocardless.com/blog/en-gb-gocardless-gender-pay-gap-report-2020-21
• Wellbeing:

  Wellbeing

  Much of our focus on our employee's wellbeing overlaps with our equal opportunity initiatives above. In addition to our answers there we’ve been providing activities such as lunchtime yoga and pilates, flexible working, team lunches (and lunch roulette), as well as weekly/monthly town halls for years. We also provide run ad-hoc events, such as providing employees with a takeaway allowance allowing them to eat virtually together. ; ; We adopted hybrid working (ie. with employees in the office and remote) since before the coronavirus pandemic, and will continue to work on our model in line with international feedback. ; ; Employees are encouraged to talk to line managers about any concerns they have, as well as being able to submit questions in town halls to be answered by senior staff. ; ; We provide an annual learning allowance in partnership with Learnably, and run an annual career development week in combination with ad-hoc events. ; ; Employees are able to join remote exercise sessions, and we run a range of mental health & wellbeing events throughout the year.

Pricing

• Price: £4,800 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at government@gocardless.com. Tell them what format you need. It will help if you say what assistive technology you use.