Liberata UK Ltd

Liberata Anytime Service

The Liberata Anytime service is designed to provide a full end to end back office automation capability resulting in no manual effort required by the Council for the transactions that go through this service.

Features

  • Approach can be amended dependant on Council work splits
  • Pricing will be tailored to each individual Council work splits
  • Where necessary our approach will replicate existing Council processes
  • Embedded quality processes
  • Commitments on accuracy levels
  • Dedicated officers for each Council
  • Short but thorough approach to implementation
  • Capability can be switched on or off dependant on demand

Benefits

  • Support improvements in speed of processing in benefits
  • Improvements in collection rates
  • Allows Council officers to focus on more value add tasks
  • Headcount savings - free up valuable Council resources
  • Increased processing accuracy
  • Improved levels of customer experience
  • Reduction in levels of overpayments
  • GDPR Compliant

Pricing

£1.50 to £19 a transaction

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidadmin@liberata.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

4 8 9 5 5 9 0 7 2 1 8 5 8 7 0

Contact

Liberata UK Ltd G-Cloud Bid Administration
Telephone: 020 7378 3700
Email: bidadmin@liberata.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Capacitygrid Universal Credit Automation
Cloud deployment model
Private cloud
Service constraints
None
System requirements
Modern web browsers with internet access

User support

Email or online ticketing support
Email or online ticketing
Support response times
We have dedicated Customer Support Managers for each account to provide immediate assistance during office hours 8.45-5.30 Monday to Friday
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
Dedicated Customer Support Manager for each account to provide immediate assistance. On-boarding and off-boarding assistance included and technical support also available at no extra cost.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Dedicated Customer Support Manager to guide through and track implementation. Full on-boarding documentation is also provided with data provision templates and a train the trainer approach to staff familiarisation.
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
All work is completed on the Councils systems - no information is recorded outside of these systems.
End-of-contract process
User accounts are disabled and data removed in an agreed timescale. An end of review/off-boarding call will also be held with the buyer.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
No
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Customisable administration process, we can replicate the way in which a Council currently works

Scaling

Independence of resources
Regular server capacity monitoring

Analytics

Service usage metrics
Yes
Metrics types
A provision of reports available on the cloud highlighting the progress of the review,
Reporting types
Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
N/a
Data export formats
ODF
Data import formats
ODF

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
24/7 accessibility, 99.75% availability over the review period
Approach to resilience
The solution is provided from a UK-hosted, dual datacentre, private cloud platform which supports SAN to SAN replication of data between the two sites. The platform is design to give tolerance to single points of failure, and is support by our 24x7 support organisation. Data can also be backed up locally to a virtual tape library, enabling rapid restore when required.
Outage reporting
Email notifications to users

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
User roles restrict access to specific functions with the application.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
19/04/2010
What the ISO/IEC 27001 doesn’t cover
IT hosting as that has been outsourced to a third party
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
• ISO20000 (IT Service Management)
• ISO22301 (Business Continuity)
• ISO27001 (Information Security)
• PSN
• Cyber Essentials
Information security policies and processes
Liberata Acceptable Use Policy
Liberata Access Control Policy
Liberata Information Security Management Policy
Liberata Compliance Policy
Liberata Data & Asset Management Policy
Liberata Mobile Working Policy
Liberata Personnel Security Policy
Liberata Risk Management Policy
Liberata Incident Management Policy

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
The Change Management process is aligned and certified to ISO20000 IT Service Management. A UKAS accredited body performs external audits to test the Policy/Procedural compliance of ISO20000.

A Change Advisory Board sets the requirements to which the life-cycle of change is managed.

CAB objectives:
Ensure that changes to the IT Infrastructure are assessed, prioritised and scheduled in a timely and cost effective way that maintains contractual client service levels;
Ensure Changes are reviewed throughout the Change Lifecycle;
Ensure appropriate resources are in place to meet clients’ business requirements;
Improve clients’ overall satisfaction with the services provided; and
Manage emergency change.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Regular scanning is in place to identify vulnerabilities and the required remediation implemented to a defined plan to comply with PSN and ISO27001.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Servers have security logs in Audit Collection Services, within Microsoft System Operations Manager.

Managed network devices have security logs shipped to Cisco Monitoring, Analysis and Response solution. 

Logs are retained for at least 6 months including:
User or process Unique ID; 
Date and time of event; 
Physical or logical address; 
Type of service executed;
Privileged command executions;
In-bound email traffic claiming origination from PSN addresses or from 'null' addresses;
Excessive outgoing web traffic;
Regular data exchanges with external addresses;
Log record changes.

We have a SyOPs document which details the frequency for manually validating access controls and firewalls logs, etc.
Incident management type
Supplier-defined controls
Incident management approach
Incidents are managed via the Service Desk with an incident management team responsible for coordinating and directing the response. Conforms to the requirements of ISO27001 and ISO20000.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£1.50 to £19 a transaction
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidadmin@liberata.com. Tell them what format you need. It will help if you say what assistive technology you use.