CODA TECHNOLOGY LIMITED

Codapay

At Codatech, we believe that technology should be less complex, cutting down on administrative burdens and helping businesses. Our payroll software, Codapay, was designed with these principles in place and helps businesses utilise the advantages associated with technology and automation. Codapay caters to bulk umbrella and PAYE processing markets.

Features

  • Smart payroll software to handle payroll without capacity limitations
  • SaaS-based cloud solution
  • All pay models supported out of the box (umbrella,hybrid,SE/Ltd)
  • All payment types supported (e.g. PAYE, CIS)
  • Instantly pay all your workers with one button click
  • Unrivalled reporting suite, including mass email / SMS communications
  • Access to key documents and information including contracts, payslips, invoices
  • Unlimited users and multi-company support
  • Expense entry processes included as part of worker portal
  • Designed with scale in mind, 10 or 10,000 payments/week

Benefits

  • Reverse and correct errors without the hindrance of locked pay-periods
  • Connect to the software from any location, providing complete flexibility
  • Full RTI direct to HMRC for payroll compliance
  • Direct integration with NEST and csv for all pension providers
  • Full data access and custom reporting
  • Dedicated support team to help you round the clock
  • Cloud based flexibility so you can access anywhere
  • Account Manager assigned so we scale with your business growth

Pricing

£3,000 a unit

Service documents

Framework

G-Cloud 12

Service ID

3 4 0 3 4 2 2 6 8 2 8 7 7 8 6

Contact

CODA TECHNOLOGY LIMITED Tom Soper
Telephone: 07497 084037
Email: tom@codatech.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
Downtime may occur during planned maintenance. However, these will only occur overnight or at weekends.
System requirements
Compatible browser - IE11+, Edge, Safari, Firefox, Chrome, Opera

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our response time SLA is 2 hours. However, we typically reply within less than 60 minutes.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
The internet can be a great enabler and source of freedom for disabled users. At Codapay, we are committed to ensuring that our services are as accessible to disabled and elderly people as reasonably possible. We aim for a consistently high level of usability for our entire audience across all of our websites, following best-practice accessibility guidelines. We engage with disabled, non-disabled and elderly people throughout website development to fully understand user requirements and ensure we produce sites that meet these. We also create specific content or tools to enable particular disabled user groups to get a better experience. Codapay is committed to sharing its experience of how to create usable and accessible websites via our accessibility standards, and by working with the wider accessibility and disability communities and the rest of the UK web industry.
Onsite support
Yes, at extra cost
Support levels
Support hours are 09:00 - 17:00, Mon - Fri, and is included in our standard licensing agreement. Out of hours support can be discussed on a case-by-case basis at an additional cost. Support is available by phone and email, as complimentary products to our Service Desk. Response times for P1 incidents is 2 hours, P2 is 4 hours, P3 is 8 hours and P4 is 72 hours. Our standard licensing agreement has 20 hours of support included free of charge. Any hours tracked above 20 will be chargeable at our standard rate (see Ts & Cs for more information). Bespoke development is available at a standard hourly rate (see Pricing Document for more information). Customers are appointed a 2nd line technical liaison, as well as a dedicated account manager.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Upon acceptance to license our product, we set users up with their instance in DEMO mode. This can be for any length of time up to 2 weeks. At any point during this period, customers can choose to go-live, otherwise they will default to going live after 2 weeks. Remote training is included in the licensing cost; if onsite training is required, this can be arranged at additional cost. User documentation is available via our service desk knowledge base.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Users are able to extract all raw data from our system via their standing reporting dashboard (in CSV format). We are also happy to assist with an extract of database backups.
End-of-contract process
Our SaaS contract includes setup/configuration, standard pricing for additional instances, RTU licence, training and support. Contracts are available on a 1, 12, 24 or 36 month basis, with a charge per worker processed on weekly, fortnightly and monthly bases. As the number of workers being processed can vary, we charge a minimum subscription of 40% of the contract value to ensure our costs are covered. 20 hours of support are included as standard within the licensing agreement. Additional / bespoke development is charged in addition (a feature request can be raised via our customer portal and a quote will be provided by your dedicated account manager).

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
There are no functional differences between mobile and desktop - these are purely cosmetic/UIUX specific (e.g. button placement, removal of some images etc.)
Service interface
Yes
Description of service interface
The Service Interface allows users (Administrators and Standard) to access the relevant application configuration settings. Administrators can configure, manage and monitor all aspects of the system relating to their organisation. Standard users can modify their own personal settings.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
The internet can be a great enabler and source of freedom for disabled users. At Codapay, we are committed to ensuring that our services are as accessible to disabled and elderly people as reasonably possible. We aim for a consistently high level of usability for our entire audience across all of our websites, following best-practice accessibility guidelines. We engage with disabled, non-disabled and elderly people throughout website development to fully understand user requirements and ensure we produce sites that meet these. We also create specific content or tools to enable particular disabled user groups to get a better experience. Codapay is committed to sharing its experience of how to create usable and accessible websites via our accessibility standards, and by working with the wider accessibility and disability communities and the rest of the UK web industry.
API
Yes
What users can and can't do using the API
Our API is already accessed by several 3rd parties. We expose only necessary, GDPR compliant data. It is open and readily available to suppliers that wish to use it as-is. Any changes required will incur development charges.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Our software has been designed with customisability in mind. We are able to apply changes to specific customers upon their request, at an additional charge. Two common examples we are often asked for include a change in workflow/process or development of a bespoke report.

Scaling

Independence of resources
Our software is cloud hosted and therefore compute resource is infinity scalable on demand.

Analytics

Service usage metrics
Yes
Metrics types
Standard metrics such as downtime/uptime, active sessions, concurrency, as well as number of emails, SMS sent etc.
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users can export all of their data as a csv file from the reporting section of the system. We are able to provide a copy of the latest database backup upon request.
Data export formats
  • CSV
  • Other
Other data export formats
Database backup
Data import formats
  • CSV
  • Other
Other data import formats
Database backup

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
99.9% availability during core business hours (9am-5pm), Monday to Friday, excluding English bank holidays. Service credits are available in our standard terms for any SLA breach.
Approach to resilience
Available on request
Outage reporting
Email alerts to customers from our service team. Status updates / notifications are also published via our Service Desk platform.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Support channels can only be used by recognised and registered personnel. Management interfaces and access to them are fully controlled by the customer who can assign roles and responsibilities as required.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
All staff members (permanent and contract) must sign to state they have read and understood the Information Security policies. Background checks are undertaken. We review administrator level accounts on a quarterly basis and ensure any no longer utilised are removed. Access levels to any system are commensurate to their role. We use only accredited hosting providers. We are also pursuing ISO/IEC 27001 certification.
Information security policies and processes
All staff members (permanent and contract) must sign to state they have read and understood the Information Security policies. A review of their understanding is undertaken annually and policies resigned. Failure is reported at CxO level. All new starters are required to read and confirm all policies and procedures and again at least annually. Any changes made during the period are notified to the whole company.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All our source code is tracked through life using Jira and Azure DevOps, which logs all changes made and any impacts. In addition, all changes made to our hosted environments follow a full electronic change control process, to ensure a robust audit trail and full compliance with internal security policies.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We use a variety of sources to recognise potential threats. We scan our environments for known threats on a weekly basis - prior to any release - to determine where any vulnerabilities may exist. Furthermore, any code fix issues can be patched and deployed within 24 hours depending on the severity of the issue. We use accredited cloud hosting providers that ensure infrastructure is regularly patched and maintained to avoid any security threats.
Protective monitoring type
Undisclosed
Protective monitoring approach
We have processes and procedures in place to actively monitor and proactive resolve any potential compromises. Our hosting provider also has the same. CxO are informed of any breaches in a timely manner. Any breaches are immediately impact assessed - and the root cause analysed - so that necessary actions can be taken. Where customer data may be compromised, we would inform any affected customers as soon as it is practical to do so.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Our incident management process differs based on the type and severity of incident. For more information, see Service Definition document.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£3,000 a unit
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
2 weeks' of unlimited access to the system. Demo instances can be requested via our website.
Link to free trial
https://www.codapay.co.uk/

Service documents