Liberata UK Ltd

Liberata Anytime Service

The Liberata Anytime service is designed to provide a full end to end back office automation capability resulting in no manual effort required by the Council for the transactions that go through this service.


  • Approach can be amended dependant on Council work splits
  • Pricing will be tailored to each individual Council work splits
  • Where necessary our approach will replicate existing Council processes
  • Embedded quality processes
  • Commitments on accuracy levels
  • Dedicated officers for each Council
  • Short but thorough approach to implementation
  • Capability can be switched on or off dependant on demand


  • Support improvements in speed of processing in benefits
  • Improvements in collection rates
  • Allows Council officers to focus on more value add tasks
  • Headcount savings - free up valuable Council resources
  • Increased processing accuracy
  • Improved levels of customer experience
  • Reduction in levels of overpayments
  • GDPR Compliant


£1.50 to £19 a transaction

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

4 8 9 5 5 9 0 7 2 1 8 5 8 7 0


Liberata UK Ltd G-Cloud Bid Administration
Telephone: 020 7378 3700

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Capacitygrid Universal Credit Automation
Cloud deployment model
Private cloud
Service constraints
System requirements
Modern web browsers with internet access

User support

Email or online ticketing support
Email or online ticketing
Support response times
We have dedicated Customer Support Managers for each account to provide immediate assistance during office hours 8.45-5.30 Monday to Friday
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Support levels
Dedicated Customer Support Manager for each account to provide immediate assistance. On-boarding and off-boarding assistance included and technical support also available at no extra cost.
Support available to third parties

Onboarding and offboarding

Getting started
Dedicated Customer Support Manager to guide through and track implementation. Full on-boarding documentation is also provided with data provision templates and a train the trainer approach to staff familiarisation.
Service documentation
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
All work is completed on the Councils systems - no information is recorded outside of these systems.
End-of-contract process
User accounts are disabled and data removed in an agreed timescale. An end of review/off-boarding call will also be held with the buyer.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Service interface
Customisation available
Description of customisation
Customisable administration process, we can replicate the way in which a Council currently works


Independence of resources
Regular server capacity monitoring


Service usage metrics
Metrics types
A provision of reports available on the cloud highlighting the progress of the review,
Reporting types
Regular reports


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
24/7 accessibility, 99.75% availability over the review period
Approach to resilience
The solution is provided from a UK-hosted, dual datacentre, private cloud platform which supports SAN to SAN replication of data between the two sites. The platform is design to give tolerance to single points of failure, and is support by our 24x7 support organisation. Data can also be backed up locally to a virtual tape library, enabling rapid restore when required.
Outage reporting
Email notifications to users

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
User roles restrict access to specific functions with the application.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
IT hosting as that has been outsourced to a third party
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
• ISO20000 (IT Service Management)
• ISO22301 (Business Continuity)
• ISO27001 (Information Security)
• Cyber Essentials
Information security policies and processes
Liberata Acceptable Use Policy
Liberata Access Control Policy
Liberata Information Security Management Policy
Liberata Compliance Policy
Liberata Data & Asset Management Policy
Liberata Mobile Working Policy
Liberata Personnel Security Policy
Liberata Risk Management Policy
Liberata Incident Management Policy

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
The Change Management process is aligned and certified to ISO20000 IT Service Management. A UKAS accredited body performs external audits to test the Policy/Procedural compliance of ISO20000.

A Change Advisory Board sets the requirements to which the life-cycle of change is managed.

CAB objectives:
Ensure that changes to the IT Infrastructure are assessed, prioritised and scheduled in a timely and cost effective way that maintains contractual client service levels;
Ensure Changes are reviewed throughout the Change Lifecycle;
Ensure appropriate resources are in place to meet clients’ business requirements;
Improve clients’ overall satisfaction with the services provided; and
Manage emergency change.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Regular scanning is in place to identify vulnerabilities and the required remediation implemented to a defined plan to comply with PSN and ISO27001.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Servers have security logs in Audit Collection Services, within Microsoft System Operations Manager.

Managed network devices have security logs shipped to Cisco Monitoring, Analysis and Response solution. 

Logs are retained for at least 6 months including:
User or process Unique ID; 
Date and time of event; 
Physical or logical address; 
Type of service executed;
Privileged command executions;
In-bound email traffic claiming origination from PSN addresses or from 'null' addresses;
Excessive outgoing web traffic;
Regular data exchanges with external addresses;
Log record changes.

We have a SyOPs document which details the frequency for manually validating access controls and firewalls logs, etc.
Incident management type
Supplier-defined controls
Incident management approach
Incidents are managed via the Service Desk with an incident management team responsible for coordinating and directing the response. Conforms to the requirements of ISO27001 and ISO20000.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£1.50 to £19 a transaction
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.