Liberata UK Ltd

Liberata Finance and Accounting Transactional Processing and Reporting Solutions

Finance and Accounting solutions comprising full financial transactional processing and reconciliation solutions. Receipting and payment solutions support multiple payment and receipting channels and include emergency and contingency payment options. BACS approved commercial Bureau. Cloud based services include various integration options including API and other interface solutions.

Features

  • Finance and accounting transaction based services
  • Consumption based pricing and usage model
  • Expert financial reconciliation solutions
  • End to end financial process solutions
  • Expert implementation support
  • Full reporting, accounting and IT support wrapper for services available
  • Specialist public sector banking services
  • Multiple input / output options and formats available
  • Integration, data transformation solutions

Benefits

  • Supports integration of existing systems and applications
  • Avoids costly integrations and reduces manual intervention
  • Tried and tested low risk solutions
  • Step change cost savings
  • Business process automation and simplification
  • End to end solution, including accounting and audit requirements
  • Improved accuracy and efficiency levels
  • Reduction in error and fraud
  • System enforced validation and control ensures consistency and data integrity

Pricing

£0.005 per unit

Service documents

G-Cloud 11

126843310521941

Liberata UK Ltd

G-Cloud Bid Administration

020 7378 3700

bidadmin@liberata.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints No
System requirements
  • Majority of services are browser based.
  • Citrix client required for some solutions

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Email accounts are monitored during service hours, acknowledged within 30 minutes and all emails received would be reviewed within one hour of receipt. Response times would vary depending on the severity of the issue in accordance with our published support SLAs.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels P1 – Response Time – 15 working mins / Fix Time – 4 working hours
P2 – Response Time – 1 working hour / Fix Time – 8 working hours
P3 – Response Time – 2 working hours / Fix Time – 16 working hours
P4 – Response Time – 4 working hours / Fix Time – 7 working days

Additional support can be provided based on specific client requirements, incremental pricing per standard rate card
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Liberata has, as part of its standard implementation template set, standard project plans highlighting the normal tasks and timeframes associated with the implementation of Cloud services. The templated project plans will be used as a basis for an individual client implementation and the Liberata Project Manager allocated to the project will update the plan to take accord of any specific client dependencies and constraints which may impact the implementation timeframes. Once baselined the project plan will be maintained by the Liberata Project Manager and reviewed periodically with the client project team highlighting any task slippage and any risks and issues which require highlighting on the RAID log, also maintained by Liberata and shared with the client.
Guidance documentation is available, and where appropriate as part of initial engagement Liberata would host one or more workshops with customer representatives to understand requirements and confirm scope of solution. During these workshops Liberata would provide full details/explanation of functionality available in order for customers to identify key elements to be made available to satisfy their requirements. This would include basic configuration requirements and options together with review and confirmation of interfaces and other inputs / outputs.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • Open API (also known as Swagger)
  • Xml
  • Csv
End-of-contract data extraction The extract of data and secure provision of this data is supported by Liberata. We would define precise data requirements with clients as part of our exit process
End-of-contract process Liberata has, as part of its standard contract exit template set, standard project plans highlighting the normal tasks and timeframes associated with the exit process. The templated project plans will be used as a basis for an individual client exit and the Liberata Project Manager allocated to the exit project will update the plan to take accord of any specific client dependencies and requirements. Once baselined the project plan will be maintained by the Liberata Project Manager and reviewed periodically with the client project team highlighting any task slippage and any risks and issues which require highlighting on the RAID log, also maintained by Liberata and shared with the client.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service User presentation layer is reactive - no difference in functionality
API Yes
What users can and can't do using the API APIs have a degree of flexibility so would be managed at customer level to minimise impact on customer development requirements
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation There is flexibility that can be applied within our solutions. This would be agreed in discussion with customers as customisation / individual requirements can be delivered subject to this remaining within overarching solution design.

Scaling

Scaling
Independence of resources The hosting platform has been scaled to support user growth. When new clients are onboarded, additional capacity will be added as required based on an assessment of the number of users/solutions implemented. Additional capacity is also added as part of ongoing service management based on predicted growth rates. Our systems are monitored and can scale out as indicated by the monitoring service.

Analytics

Analytics
Service usage metrics Yes
Metrics types Report detailing performance and volumetrics for each solution to customer has access
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Would depend on solution - csv, excel, xml etc
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • Excel
  • Xml
  • .dat
  • .txt
  • Json
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • Excel
  • Xml
  • .dat
  • .txt
  • Json

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability 99.75% during business hours.
Approach to resilience We design resilience into our services across all layers, with no single points of failure. The management of the platforms ensures both security and availability are at a premium. Further information available on request.
Outage reporting Liberata provides a forward schedule of change detailing planned service outages. In addition we provide incident communications for any unplanned outages that may occur.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels The standard out of band services are restricted to administration/ support staff who are security cleared to the appropriate levels based on CESG guidelines
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 19/04/2010
What the ISO/IEC 27001 doesn’t cover IT hosting outsourced to a third party (other than using our current hosting provider)
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Security governance is based on the ISO27001 management system and is underpinned by formal governance boards and the following policies:
Corporate IT Policy Handbook
Business Continuity Policy
Physical Environmental Security Policy
Security Management Plan (restricted document)
Data Asset Management
Information Classification Matrix
Document Management Retention Policy

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach The Change Management Process is aligned and certified to ISO20000 IT Service Management (ITMS) A UKAS accredited body performs external audits to test the policy and procedural compliance to ISO20000. A Change Advisory Board (CAB) set the requirements to which the life cycle of change is managed.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Regular scanning is in place to identify vulnerabilities and the required remediation implemented to a defined plan to comply with PSN and ISO27001
Protective monitoring type Supplier-defined controls
Protective monitoring approach Servers have security logs in Audit Collection Services, within Microsoft System Operations Manager. Managed network devices have security logs shipped to Cisco Monitoring, Analysis and Response solution.

Logs are retained for at least 6 months including:
User or process Unique ID;
Date and time of event;
Physical or logical address;
Type of service executed;
Privileged command executions;
In-bound email traffic claiming origination from PSN addresses or from 'null' addresses;
Excessive outgoing web traffic;
Regular data exchanges with external addresses; Log record changes.
We have a SyOPs document which details the frequency for manually validating access controls and firewalls logs, etc.
Incident management type Supplier-defined controls
Incident management approach Incidents are managed via the Service Desk with an incident management team responsible for coordinating and directing the response

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • Other
Other public sector networks Currently connect to a Central Government Department network (existing customer)

Pricing

Pricing
Price £0.005 per unit
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑