Kefron International Limited

Kefron AP Accounts Payable Invoice Automation

Kefron AP is an Accounts Payable Invoice Automation solution which digitises invoices eliminating the need for manual processing to streamline, eliminate human error and lower costs per invoice processed. Features include data extraction, GL coding, 3-way PO matching, duplicate checking, approval workflow, supplier portal, integration, reporting and unlimited users.


  • Data capture and extraction from paper and electronic invoices
  • GL Coding
  • 3 Way PO Matching
  • Duplicate checking
  • Supplier portal for visibility of processed invoices
  • Automated invoice approvals
  • Integration with any accounting software
  • Unlimited users
  • Real-time reporting
  • PO Creation module


  • Paper and electronic invoices uploaded
  • Automatically filter duplicate invoices from work queue
  • Automatically apply GL/Nominal codes
  • Give suppliers access to view their processed invoices
  • Automated notifications to approvers ensuring faster turnaround
  • Automated matching of GRN'S & Purchase Orders to Supplier Invoices
  • Syncs with any accounting software eliminating need rekey information
  • Unlimited number of users no additional charge
  • Real-time reports giving fast, clear and accurate data
  • Ease of deployment, cloud based solution


£0.36 to £1.80 a unit

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 12

Service ID

4 8 9 4 5 8 9 8 8 6 5 0 5 0 1


Kefron International Limited Vicky Grover
Telephone: +35314380200

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
Planned maintenance once a month as part of planned maintenance schedule
System requirements

User support

Email or online ticketing support
Email or online ticketing
Support response times
Support hours are Monday to Friday 9am-5pm.

Tailored support can be provided and all support and response times are documented into a tailored Service Level Agreement.

An immediate response is provided confirming the receipt of the question.

Detailed responses times range from within 3 hours for urgent issues up to 48hrs for non-urgent queries
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
1st Level Support will be provided internally within the client office (i.e. trained super user) and may include network connectivity on client side, system administration (adding new users, account lockouts, etc.), any third-party system (even if our system interacts with it), anything that can be performed via the user interface supplied, hardware used to access the system. 2nd Level Support will be provided by Kefron and may include errors or issues with the code, configuration, customisations made by Kefron i.e. where the system does not operate as per the specification agreed with the customer. 2nd Level support will be provided remotely or on-site as appropriate. All issues raised to Kefron will have been investigated in the first instance by the Customer Super User and/or Customer IT support personnel. Where there are additional costs for support this will be agreed on a contract by contract basis.
Kefron will appoint an Account Manager. Kefron support team includes support engineers.
Support available to third parties

Onboarding and offboarding

Getting started
Prior to User Acceptance Testing (UAT), training will be delivered on site at the clients head office for the UAT team. Soft copy training brochures will be available immediately after for reference. The UAT team will have full support from Kefrons Support desk through the use of our online ticketing system. In advance of “go live” additional on-site training will again be provided to the wider team and updated training manuals will be circulated. All users will have full support from Kefrons Support desk through the use of our online ticketing system.
Service documentation
Documentation formats
  • PDF
  • Other
Other documentation formats
Recorded video training sessions
End-of-contract data extraction
Kefron provide clients data in a generic format such as .csv and images via PDF.
End-of-contract process
Standard data extraction as described is free of charge up to two hours. Any data extraction which requires a tailored output or is of a size that would extend over that 2 hour period is chargeable.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Our service has been designed to work on both desktop and mobile. For mobile use some screens have been modified to provide a better user experience on the mobile devices.
Service interface
What users can and can't do using the API
Users can create suppliers, view the amount of documents in verification, access all documents waiting to be processed, execute on-demand pre-defined reports. Users cannot create new users, create new documents, etc...
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
Users can customise the service by changing the logo, enabling or disabling certain features such as approval required, GL/nominal coding required.

Users can create email templates, customise the indexes being extracted. List screens can be customised based on indexes being extracted. Reports can be customised.

Customisation is done through the User Interface (UI). User function access will be agreed and then users with the appropriate rights can customise.


Independence of resources
We continually monitor speed of processing and adjust capacity accordingly.


Service usage metrics
Metrics types
Kefron can provide an array of service metrics tailored to suit the users needs for example documents successfully processed, documents rejected, failed extractions, documents in queue for more than a defined period.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
We are extremely flexible with this and data exports are based entirely on the users instruction. Data can be exported via on-demand reports, exports action at a scheduled time, or via periodically automated exports.
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel
  • XML
  • JSON
Data import formats
  • CSV
  • Other
Other data import formats
  • Excel
  • XML
  • JSON

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We offer 99% uptime. All scheduled downtime is notified in advance and scheduled out of office hours. (Monday – Friday 9am – 5pm, excluding Irish Public Holidays).

Users are not refunded.
Approach to resilience
We have a backup generator to protect against power failure and failure of the national grid. In our datacentre the facility is protected by UPS. We have dual fire walls. We have 5 EXSI hosts, each host has redundant power supply and network cards, run off an SD disk and there are two SD disks in each host. We have DRS enabled on our cluster. Within our SAN we have numerous raided LUNS and on the SAN itself we have multiple network cards and multiple power supplies.
Outage reporting
We notify our users via email of any outages. Planned outages are notified two weeks in advance of scheduled maintenance.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Role-based authentication where roles have to be assigned to individual users through the agreed approval process
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Certification Europe
ISO/IEC 27001 accreditation date
Initial Registration: 08/05/2013 current certification 20/04/2022
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Who accredited the PCI DSS certification
PCI DSS accreditation date
What the PCI DSS doesn’t cover
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Contents of our Information Security Policy includes 1.0 Document Control, 2.0 Kefron Information Security Policy, 3.0 Email Policy, 4.0 Internet Usage Policy, 5.0 Password Control Policy, 6.0 Social Engineering Policy, 7.0 Anti-Virus Policy, 8.0 Software Usage Policy, 9.0 Host Access Control Policy, 10.0 Mobile Computing Policy, 11.0 Back-Up Policy, 12.0 Connectivity and Encryption Policy, 13.0 VPN Policy, 14.0 Wireless Policy, 15.0 Physical Access Control Policy, 16.0 Key Control Policy, 17.0 Data Protection Policy, 18.0 Clean Desk Clear Screen Policy, 19.0 User Access Entitlement Policy, 20.0 Anti-Bribery & Corruption Policy, 21.0 Social Media Usage Policy, 22.0 Credit Card Processing Policy, 23.0 Secure Destruction of Confidential Material Policy, 24.0 IT Asset Management Policy, 25.0 Gift Policy, 26.0 Software Development Security Policy, 27.0 Information Classification Policy, 28.0 Breach Notification Policy, 29.0 CCTV Policy, 30.0 Data Subject Rights Policy.
All employees are provided with a security induction and a copy of the IS Policies, employees are required to sign a declaration of adherence to the policy and are required to complete mandatory GDPR training.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Software we patch everything up to date with Microsoft windows updates. Our anti-virus software checks every five minutes for updates. Our servers are monitored for uptime, disk space (below 90%), CPU (lifecycle of machine) and RAM and we also monitor for the services specific for Kefron AP. If we get consistent RAM and/or CPU notifications within a given 24hr period we will assess and assign more as required.

Change management procedures exist to ensure any configuration and changes affecting the customer are fully planned and communicated and tracked throughout the project
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We use Qualys software, which is a vulnerability management tool running nightly to check for potential threats

Depending on the severity of the issues, we usually respond and take actions as quickly as possible

Qualys contains the information about potential threats
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We identify potential compromises by logs kept in the firewall software.
We have intrusion prevention switched on and set to block medium and high incidents.
We also geo-block
We respond immediately upon detection and take actions as soon as possible to address incidents
Incident management type
Supplier-defined controls
Incident management approach
Kefron have a defined incident detection and response procedure and a non-conformance procedure which ensures that we can manage incidents in a uniform way. Issues are logged in our Business Improvements (BI) systems or the IT Helpdesk (SYSAID) for tracking and resolution. Users can email or login to the Helpdesk to raise a ticket. The Account Manager is responsible for ensuring that progress updates and incident reporting is followed through with the client.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£0.36 to £1.80 a unit
Discount for educational organisations
Free trial available
Description of free trial
Dependant on customer and service requirements and delivered as a customised demonstration using client samples
Link to free trial

Service documents