GOV.UK
The Access Group
Access HCSS Accounting
Access HCSS Accounting is a fully cloud based accounting system that has been designed exclusively for schools, academies and multi academy trusts.
The software meets your everyday financial management needs and helps you to be a more effective business manager.
Features
- A comprehensive double entry accounting system
- A consolidation module as standard for MAT's
- Exclusively designed for Education
- Customise purchase orders,sales invoices,credit notes and BACS remittance
- Users benefit from “anywhere, anytime” access as fully cloud based
- Dynamic link to HCSS Budgeting
- Workflow and Authorisation
- Unlimited Users on a site license basis
- Ability to attach documents against transaction lines
- Powerful Reporting Suite
Benefits
- Improve operational efficiency and save money.
- Quickly add Purchase Orders
- On the fly editing allowing efficient usage
- HMRC Compliance for accurate VAT analysis.
- Mobile and Tablet ready on IOS, Android and Windows.
- Reduces errors and duplication saving time and money
- Fast adoption with minimal disruption.
- Purchase control workflow eliminates traditional paper
- Reporting allows informed decisions to be made
- Attach 5 documents per transaction
Pricing
£800 to £1600 per licence per year
- Education pricing available
Service documents
Framework
G-Cloud 10
Service ID
487050297239606
Contact
Service scope
| Software add-on or extension | Yes, but can also be used as a standalone service |
| What software services is the service an extension to | Access HCSS Budgeting |
| Cloud deployment model | Private cloud |
| Service constraints | None. |
| System requirements | Internet Access via supported browsers (html5 enabled) |
User support
| Email or online ticketing support | Email or online ticketing |
| Support response times | Varies with priority and success plan adopted. For example, minimum response time for P1 cases is 1 hour. |
| User can manage status and priority of support tickets | No |
| Phone support | Yes |
| Phone support availability | 9 to 5 (UK time), Monday to Friday |
| Web chat support | Web chat |
| Web chat support availability | 9 to 5 (UK time), Monday to Friday |
| Web chat support accessibility standard | None or don’t know |
| How the web chat support is accessible | Users can access web chat through the software |
| Web chat accessibility testing | None. |
| Onsite support | Yes, at extra cost |
| Support levels |
Basic Success Plan - provides you with an on-line support experience with on-line support case submission and self-service Knowledge Base access. No additional cost Standard Success Plan- offers an enhanced reactive service, including telephone and e-mail support, as well as priority response times and longer support hours. Larger customers will also get access to a primary named support analyst who will deal with the majority of your support questions. Charged at 15% of your subscription fee. Premier Success Plan- provides proactive services, including access to a customer success manager with quarterly and annual review. Charged at 25% of your annual subscription fee. |
| Support available to third parties | No |
Onboarding and offboarding
| Getting started | HCSS Education, an Access Group companys' approach to project management puts simplicity at the heart of our delivery. Utilising a simplistic and scalable project management methodology for all software implementation, we consistently achieve success for our customers. Drawing on the expertise of our Education Project Management team and development resource, we ensure that the customer is consulted during every stage of the project, with success reviews during delivery. Our suggested approach to the configuration of Access HCSS Accounting into schools and MAT's is a scoping visit to understand the set up and requirements of schools. Our preferred approach to training is to offer on-site training to all key personnel imparting advanced end user training. We provide multiple dates and recommend a specific training programme so the customer can determine which delegates are suitable to the different elements of the training. User documents are accessible via 'knowledgebase' - our online support portal as well as webinars and customer success events throughout the year. |
| Service documentation | Yes |
| Documentation formats | |
| End-of-contract data extraction | Users can extract required data via a range of reports. |
| End-of-contract process | As per standard contract agreement data is retained for 28 days past contract end. All data is then securely deleted and removed from the system. |
Using the service
| Web browser interface | Yes |
| Supported browsers |
|
| Application to install | No |
| Designed for use on mobile devices | No |
| Accessibility standards | None or don’t know |
| Description of accessibility |
Access HCSS Accounting supports standard browser operations and therefore supports the accessibility features of chosen browser. Buttons and non-text content have text alternatives which can be used with screen-readers. |
| Accessibility testing | None |
| API | No |
| Customisation available | Yes |
| Description of customisation | Users can customise Purchase Orders, BACS Remittances and Invoices with schools logos, details and T&C's |
Scaling
| Independence of resources | HCSS Accounting is a load-balanced, multi-tenant service. The load balancer monitors the web servers continuously and will dynamically reassign requests if one of these servers crashes. |
Analytics
| Service usage metrics | No |
Resellers
| Supplier type | Not a reseller |
Staff security
| Staff security clearance | Other security clearance |
| Government security clearance | Up to Baseline Personnel Security Standard (BPSS) |
Asset protection
| Knowledge of data storage and processing locations | Yes |
| Data storage and processing locations | United Kingdom |
| User control over data storage and processing locations | No |
| Datacentre security standards | Complies with a recognised standard (for example CSA CCM version 3.0) |
| Penetration testing frequency | At least once a year |
| Penetration testing approach | ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider |
| Protecting data at rest |
|
| Data sanitisation process | Yes |
| Data sanitisation type | Explicit overwriting of storage before reallocation |
| Equipment disposal approach | Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001 |
Data importing and exporting
| Data export approach | The user can export their data through a range of reports. |
| Data export formats |
|
| Other data export formats |
|
| Data import formats |
|
| Other data import formats |
|
Data-in-transit protection
| Data protection between buyer and supplier networks |
|
| Data protection within supplier network |
|
Availability and resilience
| Guaranteed availability | We will use commercially reasonable efforts to make the SaaS available 24 hours a day, seven days a week, except for unavailability during emergency or routine maintenance. |
| Approach to resilience | We operate a dual active-passive environment and all hardware components are provided at N+2 level or greater. More details are available on request. |
| Outage reporting | Users can subscribe to email alerts giving updates on scheduled maintenance and outages. From within TeamSeer, you can also review uptime statistics. |
Identity and authentication
| User authentication needed | Yes |
| User authentication |
|
| Access restrictions in management interfaces and support channels | We operate role profile based Access Control - based on least privilege access. This applies to all our services |
| Access restriction testing frequency | At least every 6 months |
| Management access authentication |
|
Audit information for users
| Access to user activity audit information | Users have access to real-time audit information |
| How long user audit data is stored for | At least 12 months |
| Access to supplier activity audit information | Users contact the support team to get audit information |
| How long supplier audit data is stored for | At least 12 months |
| How long system logs are stored for | At least 12 months |
Standards and certifications
| ISO/IEC 27001 certification | Yes |
| Who accredited the ISO/IEC 27001 | ISOQAR |
| ISO/IEC 27001 accreditation date | 01/09/2014 |
| What the ISO/IEC 27001 doesn’t cover | Nothing is excluded from the Standard |
| ISO 28000:2007 certification | No |
| CSA STAR certification | No |
| PCI certification | No |
| Other security certifications | No |
Security governance
| Named board-level person responsible for service security | Yes |
| Security governance certified | Yes |
| Security governance standards | ISO/IEC 27001 |
| Information security policies and processes |
All controls included within Annex A of the ISO27001:2013 standard. Statement Of Applicability (SOA) available on request. |
Operational security
| Configuration and change management standard | Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402 |
| Configuration and change management approach | All change management is undertaken in line with ISO27001:2013 using JIRA for audit purposes. |
| Vulnerability management type | Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402 |
| Vulnerability management approach |
Patched and audited by our patch management system. All non-critical OS patches are applied within one calendar month of release, first into pre-production and then into production, as part of the scheduled maintenance window. AV Updates - Signatures are updated hourly. / Rules are reviewed at minimum every 3 months. Logs are reviewed at minimum every 3 months. Access staff responsible for the maintenance of our hosting services subscribe to industry newsletters, belong to various security forums and we additionally receive notifications from our vendors. |
| Protective monitoring type | Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402 |
| Protective monitoring approach | We have traffic monitoring and content based alerting which alerts on changes to the site and/or traffic flows implemented at infrastructure and application level. We proactively monitor third party suppliers (hardware, OS, application/web and database server software) vulnerability reporting and security fix availability. Any vulnerabilities found and fixes provided by third party suppliers are patched by our infrastructure team in a timescale appropriate for their level of severity. Any penetration test findings are fixed by Development in a timescale appropriate for their level of severity. Our infrastructure response is within 1 hour in the SLA period 8am-8pm Monday – Friday. |
| Incident management type | Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402 |
| Incident management approach |
We operate a robust incident management process in line with ISO27001:2013 Staff are encouraged to report all incidents using a pre-defined process using a form available on our Company Collaborate site Incident reports will be provided following forensics and closure |
Secure development
| Approach to secure software development best practice | Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0) |
Public sector networks
| Connection to public sector networks | No |
Pricing
| Price | £800 to £1600 per licence per year |
| Discount for educational organisations | Yes |
| Free trial available | No |
Documents
| Pricing document | View uploaded document |
| Skills Framework for the Information Age rate card | View uploaded document |
| Terms and conditions document | View uploaded document |