Calero Software Ltd

Expense Management Software Hosting & Invoice Loading

Calero's Expense Management (EM) Software Hosting & Invoice Loading solution is utilised by customers for the purpose of reducing monthly personnel workloads while providing comprehensive insight into telecommunications charges, usage, and optimisation opportunities across the client organisation, allowing client teams to focus time and resources on their core business functions.


  • Solution Hosting and Maintenance
  • Invoice Management (Receiving and Loading)


  • Secured data; limitless scalability; rapid deployment; limited risk; predicatable cost
  • Invoice automation through receiving and loading (automatic and manual loads)


£45330 per unit per year

Service documents


G-Cloud 11

Service ID

3 5 8 5 6 8 5 7 2 3 3 0 4 4 6


Calero Software Ltd

Rachel Knibbs

07880 187749

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to The Calero solution can interface with a variety of HR and other ERP systems, including Active Directory, Novel eDirectory, SAP, Lawson, Remedy, ServiceNow, Oracle, PeopleSoft, and more.
Cloud deployment model Private cloud
Service constraints Scheduled maintenance/downtime appropriately scheduled outside of local business hours
System requirements
  • User interface requires a web browser with internet access
  • Installations require an installed browser on the server

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times Online ticketing support is offered at an extra cost with a 24 by 7 response time for global customers.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Yes, at an extra cost
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Online help, via web-based chat, is provided to ensure customer personnel will always be moments away from professional support.

This wireless portal gives end users access to our mobile procurement workflow, which enables "self-service" ordering of mobile devices, accessories, services, and support.
Web chat accessibility testing Calero performs best practices in meeting the needs of our customers, specifically those related to assistive functionality.

We provide web chat to serve our customers, and if we cannot communicate support within the chat to the fullest extent necessary, Calero’s experts will be available via toll-free number(s) for response, troubleshooting, and resolution of the incident/issue addressed.
Onsite support Yes, at extra cost
Support levels During implementation, the escalation path is:

- Project Manager (POC) > Senior Manager Professional Services > Executive Sponsor

Following implementation, the escalation path for issues that cannot be resolved by the help desk in a timely manner is:

- Manager, Technical Support > Service Delivery Manager (POC) > Senior Manager Service Delivery > Executive Sponsor (VP, Operations)
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started As part of the proposed solution, we will develop a training program based on customer needs (e.g., number of roles, number of trainees, timeframe, skill level in developing the training program. We are able to draw on a number of training paradigms (e.g., classroom or on-site instructor-led training, remote training, train-the-trainer) to meet our Customer's specific training requirements. In addition, our software includes a detailed help system, and additional user documentation is available online. Documentation and training are updated with every major release to reflect the latest features and functions of the software.
Service documentation Yes
Documentation formats Other
Other documentation formats We provide Online User documentation
End-of-contract data extraction Server hard drives are security wiped (DoD 3). Inoperable drives and removable media such as diskettes, CDs and tape are physically destroyed.
End-of-contract process Price is impacted by a variety of factors, including customer operating environment, program selection, contract term, and additional features.

All pricing, as well as renewal and any potential monthly variance fees, are described in a mutually-agreed upon Statement of Work (SOW).

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service There is no mobile app necessary for use on connected devices, so the Calero solution can be accessible from a mobile device via web browser.
Service interface Yes
Description of service interface The Calero solution features an intuitive tab-and-menu interface that is user-friendly and easy to navigate. This solution provides an integrated reporting tool that help users track and manage their telecom usage and spend, identify trends and exceptions, gain visibility into operational metrics, and much more. These tools include Insight Analytics, dashboards, reports, list views and exports. These resources feature role-based access directly through the Calero solution's easy-to-use browser interface.
Accessibility standards None or don’t know
Description of accessibility The Calero solution is accessed through a standard web browser and features a fine-grained, role-based access control system, which allows each user to be assigned limited system access appropriate to their specific job responsibilities. The ability to control assignment of access rights on a per group or per individual basis supports best practice principles of segregation of duties and data security.
Accessibility testing Calero performs best practices in meeting the needs to customers, specifically those related to assistive functionality.

Calero utilizes an Agile Scrum software development lifecycle process whereby all application modifications are associated with change tickets, which include tickets submitted on behalf of customer change requests. All change tickets traverse a workflow that includes peer reviews and quality assurance testing. During the peer review and quality assurance testing, the application is evaluated for security issues, design flaws and coding errors that will impact quality.
Customisation available No


Independence of resources There is no limitation on the number of users that the system can accommodate. Each client instance is installed on its own virtual server and users can access/view the same data concurrently. Data storage and processing power can be added as needed to support as many concurrent users as a customer requires.


Service usage metrics Yes
Metrics types The Calero solution checks each telecom invoice for potential savings opportunities and provides visibility into zero usage devices and switches, longest calls, downloads, voice, data, and texting usage and trends. Alerts are configured to notify users when they have reached a threshold or violated a usage policy.
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach The Calero solution includes an integration tool called EZ-Share, that simplifies the process of exporting data to other systems. EZ-Share lets you create multiple export configurations of organisation, cost, invoice, asset, inventory, or service data. Each configuration can have its own record layout and output. EZ-Share supports numerous data integration formats including XML, CSV, Excel and fixed length files.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • PDF
  • Microsoft Word
  • Raw Data
  • Mircrosoft Excel
  • Fixed Length Files
  • HTML
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • PDF
  • Microsoft Word
  • Raw Data
  • Microsoft Excel
  • Fixed Length Files
  • HTML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Legacy SSL and TLS (under version 1.2)
Data protection within supplier network Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability • System Availability of Toll-Free Number: Percent of time toll-free number is available to customer (99.5% Global SLA Target)
• Speed to Answer: Percent of calls where the amount of elapsed time that an end user must wait after placing a call to the Calero Mobility Service Desk, as measured from the time the call is received in the Automated Call Distributor queue until the call is answered by a human being, is sixty (60) seconds or less (80% of all calls Global SLA target)

• Failure to meet SLAs for 2 Consecutive Months results in 3% credit of the 2nd month's Monthly Service Fees
• Failure to meet SLAs for 3 Consecutive Months results in 5% credit of the 3rd month's Monthly Service Fees
• Failure to meet SLASs for 4 Consecutive Months results in 10% of the 4th month's Monthly Service Fees, and any additional months until Calero is back in compliance
Approach to resilience All systems are monitored by 24/7 network applications system. Virus and Malware protection is deployed as well as intrusion protection. ​

Calero SaaS systems are centrally monitored for availability and health using commercial IT monitoring systems. Calero SaaS and on-premise deployable software includes system alerts that check, on a scheduled basis, for the following conditions:

• Inventory approaching model size limit
• Free disk space below threshold
• Database offline
• Scheduled archive failed to run
• "No Call Record" condition for intervals without call rating activity from selected CDR sources (client-defined schedule)
Outage reporting Calero follows a standard notification process, providing a minimum of 10 business days notice for scheduled outage/maintenance. All planned service changes (such as upcoming software patches or releases, or planned service outages) are communicated to clients in advance – in most cases, by the Calero Service Delivery Manager (SDM) or Client Success Manager (CSM) on the account. In the case of unplanned problems such as a service delivery failure or unplanned system outage, SDMs will reach out to affected customers via phone or email ASAP.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels The Calero solution allows you to assign each of your end users to a Security Group that determines what functionality and data they can access in the system, based on their department, location, or job function. There are dozens of possible defined user roles which may affect the GUI tab pages, menu items, and menu items available to any given user.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 QMS Accredited
ISO/IEC 27001 accreditation date 30/05/2018
What the ISO/IEC 27001 doesn’t cover Calero is currently ISO certified for UK customers, and ISO registered globally.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essential Plus - UK National Cyber Security Centre
  • Privacy Shield Framework
  • ISO 9001: 2015
  • Sarbanes-Oxley Compliant

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Yes; Our program is based on CIA; Confidentiality, Integrity, and Availability. Calero utilizes the principle of least access and service accounts per customer to isolate customer data. Each customer instance runs on a dedicated application server OS and database instance. Calero utilizes HTTP over SSL to encrypt data as it traverses the internet between Calero and our customers.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Calero has formal operational change management processes that include change control requirements, clear roles and responsibilities, segregation of duties, and security requirements. We also provide a general process step diagram that funnels the configuration process.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach • Annual third-party vulnerability scans and penetration testing
• Monthly internal vulnerability scans using NESSUS, in addition to IDS/IPS tools
• All host servers are fully patched with all vendor OS and application patches, automatically patched as new patches come out, and undergo vulnerability scans to verify that patches are applied.
• Utilizes Windows Server with IIS, ASP.NET, and SQL Server to provide services.
• Calero and customer dedicated IP connections are protected by firewalls
• Firewall changes are documented in the hosted service provider's workflow system
• Calero's hosted solution partner conducts network perimeter scans
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Evidence of access monitoring is provided in Calero's annual SOC2 Type II audit. In addition to the system state backups, a nightly image of the database is also taken, processed, and stored in multiple locations in the event of database corruption or data loss. A step-by-step procedure is maintained for each customer’s restoration process. Calero will notify customers as soon as practicable after a security event or breach (24 - 48 hours). A notification process will be established to maintain appropriate customer and Calero contacts and escalation points along with a communication plan.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Calero's incident management process includes:
• Documented value stream map
• SIPOC (Suppliers, Inputs, Process, Outputs, Customers) Diagram which describes the process for incident management
• A process swimlane flowchart that documents the "What" steps required in the process
• An established RACI for incident management roles and responsibilities • Process control metrics (KPIs)
• Control charts for process control metrics
• Standard operating procedures

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £45330 per unit per year
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑