Castle Computer Services Ltd

Electronic Invoice Processing - EIP

Electronic Invoicing is a seamless e-invoice solution that dramatically increases the percentage of invoices processed 'straight through', without the need for human handling, because they are received in an electronic format.
The e-Invoicing solution enables companies to have a single access point for all invoices and other creditor documents.

Features

  • Receipt of electronic invoices securely from Suppliers
  • Business rules to ensure the data is correct
  • Coded automatically with the company’s common chart of accounts.
  • Automatic notifications via email/text messages
  • Accounts Payable or a designated contact to receive invoices
  • PEPPOL Access Point

Benefits

  • Simple and intuitive interface means minimum end user training
  • E-invoicing enables a company to automate their invoice processing
  • Seamless connection to the finance system provides data accuracy
  • Cost Savings
  • Automates the invoicing process
  • Reduced costs to process invoices
  • For Suppliers this means faster payments
  • Reduced administration cost associated with processing invoices.

Pricing

£200 to £500 per licence per month

G-Cloud 11

535485025660719

Castle Computer Services Ltd

Paul Sutherland

01698 844600

paul.sutherland@castle-cs.com

Service scope

Software add-on or extension Yes
What software services is the service an extension to The service is an add-on to the user's Financial System. The EIP solution posts information to the Finance system via a secure service.
Cloud deployment model Private cloud
Service constraints The Service is available 24/7 365 days per year and has an uptime average of 99% over the past 10 years.
From time to time planned outages are agreed with customers for the implementation of upgrades etc. Typically these are once a quarter and are implemented outside office hours.
System requirements
  • Device with Internet access
  • Correct Browser version

User support

Email or online ticketing support No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels Castle’s support model is based around ITIL (IT Infrastructure Library) best practice. ITIL is a best practice framework developed by the Office of Government Commerce and is rapidly becoming the worldwide de facto standard for the delivery of IT support to businesses.
Castle’s ITIL based Support methodology will then be used to ensure that the highest quality, proactive and responsive support service is provided to you.
We adhere carefully to IT industry best practice, and follow the ITIL standards (IT Infrastructure Library). Our support function is provided via our dedicated helpdesk in Strathclyde Business Park, Bellshill from where we provide high quality support to over 500 customers
We use a number of leading edge systems and software applications to help maximize our service to customers, such as:
• Cherwell service management call handling software
ITIL accredited software for handling, monitoring and reporting Castle’s service against agreed SLAs
• Network streaming software
This allows us to take control (remote control) of any PC or server that can connect to our web site.
• And our innovative myCastle self service support portal
Support available to third parties Yes

Onboarding and offboarding

Getting started DCS and Castle will use a proven project management methodology based on PRINCE2 for the implementation of the P2P solution.

This is tailored to suit the exact requirements of each customer, which is documented and agreed to at the project outset in this Project Initiation Document.
This approach ensures all areas of the implementation process are discussed and addressed and realistic expectations are set.

An implementation framework reflecting the respective roles and responsibilities of Castle and the customer is then agreed in an informed manner through a clear understanding of the project scope, objectives, activities and resource requirements.

The approach is based on 7 steps and each step has a set of documents associated with it:
Step 1 - Project Initiation
Step 2 - Business Needs Analysis
Step 3 - Requirements Definition
Step 4 - System Configuration
Step 5 - End User Training
Step 6 - Acceptance Testing
Step 7 - Pilot Sites
Step 8 - Rollout
Step 9 - Post Implementation Review
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction All data is owned by the customer and may be extracted in database table or CSV format as required. Standard extracts are available and additional extracts can be developed on a time and materials basis.
End-of-contract process The notice for termination of the service is sent by the customer to Castle and a date for termination after 30 days is agreed. Two options are then offered:
- read only access to the data for a small cost
- Full export of the data to the customer in CSV or database table format

All support through nominated contacts and upgrades are included in the contract. Additional modules or specific customer developments are charged for as required.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices No
API No
Customisation available No

Scaling

Independence of resources Dedicated application servers can be issued to minimise other user impact on services

Analytics

Service usage metrics Yes
Metrics types Availability - 98%
Response - 95%
Load - 300 Transactions per min
Accuracy - 0 (Errors due to application problems)
Batch Services - 98%

1. Availability based on CICSPROD up and files open
2. Penalties for missed services:
a. 10% reduction in billing for 2% missed unless caused by user
3. Penalties for exceeded loads:
a. 10% increase in billing and no penalty for missed service
4. Reporting: Data Centre provides report 8 am each day.
5. Changes to SLAs must be negotiated with the contacts from both parties
6. Priorities if full resources are unavailable
7. Batch Services:
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type Reseller providing extra features and support
Organisation whose services are being resold DSC Ltd

Staff security

Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data export approach Users can export using CSV or specific queries can be written to export data if required.
Data export formats
  • CSV
  • ODF
  • Other
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats Drag & Drop Images in PDF, Word, Excel formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks DCS uses Servecentric to manage user data. The database is replicated synchronously so that we can quickly recover from a database failure. As an extra precaution, we take regular snapshots of the database and securely move them to a separate data center so that we can restore as needed, even in the event of a Servecentric failure.
We currently host data in the secure SSAE 16 audited data centre Servecentric, located in Ireland.
Encrypted Transactions
Web connections to the DCS service are via TLS 1.0 and above. We support forward secrecy and AES-GCM, and prohibit insecure connections using SSL 3.0 and below or RC4.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network The architecture is designed to provide a robust scalable platform to support thousands of users through an extendible and configurable solution.
Robust Authentication, Web Farms, Load Balancers along with a multi-zone network secured by multiple firewalls are used to ensure data security and integrity.

Availability and resilience

Guaranteed availability The Service is available 24/7 365 days per year and has an uptime average of 99% over the past 9 years. From time to time planned outages are agreed with customers for the implementation of upgrades etc. Typically these are once a quarter and are implemented outside office hours.
Approach to resilience The platform has been implemented with a redundant and fault-tolerant High Availability Architecture (HAA) to ensure that no single point of failure can affect the availability of the overall solution (the concept of duality is applied to all aspects and components of the architecture).

The Network has been designed to be multi-zone separated by firewalls. Security has been implemented across the applications and uses industry standard authentication.
The system is hosted in Servecentric. Servecentric is one of Ireland’s largest and most advanced data centres. It adheres to the highest international standards, and is certified to ISO standards including ISO27001 (Information Security Management), ISO9001 (Quality Management) and ISO14001 (Environmental Management).
Detailed information is available on request and under a non-disclosure agreement.
Outage reporting If outages or part outages occur it is DCS's policy to transparently discuss this with our customers. DCS has also implemented the following ways to communicate outages to our customers:-
1. As soon as an outage occurs DCS will email all relevant customer contacts
2. DCS will post a status update page that will be updated with any developments and this page is accessible by all customers.
3. If the problem is ongoing DCS will email all end users directly and send text messages to affected users
4. When the outage is over DCS will update all users impacted by the outage via email and text message
5. DCS provides each impacted customer with a detailed outage report that includes a detailed description of the problem that occurred and a plan to ensure that the problem does not occur again.

Identity and authentication

User authentication needed Yes
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels Management Interfaces are restricted based on Group membership. Company Administrator access is limited to views of a company's data and all access is restricted via 2-factor authentication.
System level access is restricted to the DCS help desk operation leaders.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for At least 12 months

Standards and certifications

ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Named board-level person responsible for service security No
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Within the company, we have an acceptable usage policy for all IT equipment. This covers any office technology extensively, with regard to its security, the software on the devices and the usage of the software/hardware. It is designed so that adherence to the DPA is vital and always present.

Technologies such as Active Directory Services and Group Policy are in place to make sure that company-wide administration is present and no actions can be taken to disable Anti-Virus, firewalls, HIPS, Anti-Phishing, Email-protection etc.

Operational security

Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach All system changes have to be formally documented and fully regression tested to ensure no application conflicts.

Changes applied to a test environment first

Customer UAT is required before transfer to a live system
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach At both the head office and the private cloud, we deploy a unified threat management system, which helps monitor all information going in and out of each location. The UTM is equipped with firewall, intrusion prevention, UTM management and advanced threat protection technologies.

We run regular patching to our platforms through WSUS, and application specific software releases. We usually deploy these in waves, so that if a patch was to break a service it would break a small amount of our private cloud and not the entire cloud. This is to help prevent any outages.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach We regularly carry out tests to ensure that code injections and other similar attacks (OWASP A1, A2 and A5 classes). In addition we use 3rd parties to test and ensure no access to restricted information using direct object and URL references (A4 and A8).
All configuration changes to the SaaS service are carried out by Servecentric, and Servecentric is SSAE-16 compliant.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach All incidents have to be reported via the helpdesk support line.

Secure development

Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks No

Pricing

Price £200 to £500 per licence per month
Discount for educational organisations No
Free trial available No

Service documents

  • Pricing document (PDF)
  • Service definition document (PDF)
  • Terms and conditions (PDF)