Payroll Business Solutions Limited

Hosted Payroll Solution

PBS develop and host payroll software for public and private sector organisations using our own Accord Payroll software system. Accord Payroll combines regulatory & statutory compliance with configurability for specific and occupational requirements. PBS is ISO27001 certified, GDPR compliant, and a Bacs approved bureau. Accord Payroll software is HMRC Recognised.


  • HMRC Recognised Software with RTI & DPS
  • On‐line payslips and reporting
  • Robust and scalable from tens to thousands of employees
  • Interfacing tools
  • Comprehensive accounting and analysis
  • Extensive library of standard reports and user reporting tools
  • Public service features such as LGPS, TPS & USS interfaces
  • Minimum & living wage calculations
  • Pensions processing and auto enrolment
  • Back-up, archiving, easy access to previous periods & tax years


  • Regulatory compliance
  • Cost and carbon footprint reduction with e-payslips
  • Reliable and meets future needs
  • Connectability - Interfaces with 3rd party systems
  • Accurate costing and direct upload to accounting systems
  • Easy access to all your payroll data.
  • Interfaces to HR, T&A, accounting; part of your solution ecosystem
  • Innovative and flexible data entry methods


£0.39 to £8.00 per person per month

  • Education pricing available

Service documents

G-Cloud 11


Payroll Business Solutions Limited

Akshay Raj

+44 (0)20 85507758

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to HR Systems
Cloud deployment model Private cloud
Service constraints UK payroll only.
System requirements Windows Remote Desktop for secure access via SSL

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Committed to published response times based on urgency. Documented in our service level standards document.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We provide the same, high-quality telephone, email and remote access support to all customers.
Formal response times are appropriate to levels of urgency published in our service level standards documentation.
Users mainly deal with a dedicated staff member with further expertise on hand.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide both onsite training supported by structured documentation. Users participate in the set-up and implementation process, including parallel test pay-runs.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats Microsoft Word
End-of-contract data extraction Users can extract all data in a CSV format, they can use standard reports to export data in standard templates.
End-of-contract process Client payroll data is available through standard reports. This is usually more than adequate to enable them to migrate to an alternative solution.

We would only charge If specific data formats are requested, such charges being agreed with the client before any work is undertaken.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices No
What users can and can't do using the API Publish payslips via selected HR self-service systems.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Accord Payroll solution provides all statutory calculations. Non statuatory, occupational and client specific calculations can be specified and configured.

Users can set up new pay elements, specifying new account codes, configure ad-hoc statistical reports and so on.


Independence of resources Clients have separate implementations of Accord Payroll. Bandwidth at our data centre overshoots demand by a considerable margin.


Service usage metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Encryption of all physical media
Data sanitisation process No
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Data can be exported by 3 different methods. Standard reports can be output to Excel/CSV format. Data from user customisable tables can be copy/pasted directly into a spreadsheet. Finally, there are dedicated export utilities for specific applications.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • HTML
  • Comma-delimited text file
  • Tab-delimited text file
  • RTF
  • TXT
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Legacy SSL and TLS (under version 1.2)
Data protection within supplier network Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Accord payroll is available during normal business hours and at all times of the day, every day. Planned downtime for service and maintenance takes place outside of business hours and clients are informed in advance. We do not provide guaranteed uptimes but are open to considering commitments suggested by clients for contractual purposes.
Approach to resilience We have a detailed disaster recovery and business continuity procedure and documentation in line with ISO 27001 and other standards. Documentation is available on request.
Outage reporting Email alerts to users for planned maintenance.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Access to all systems is governed by our Access Control Policy and working practices.
These procedures have been developed in line with ISO 27001 standards, GDPR and general data protection requirements.
In brief, staff are only able to access systems and data required for the discharge of their defined duties.
We are happy to make policy documents and certification available to prospective clients.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 The British Assessment Bureau
ISO/IEC 27001 accreditation date 18/12/2018
What the ISO/IEC 27001 doesn’t cover NA
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Bacs Approved Bureau

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We have documented procedures and policies, and all staff are given training on data security. Reporting and incident management procedures are specifically documented in our Access Control document.

Our information security policy documentation includes:
Data retention policy,
Data retention/destruction agreement,
Subject access request process,
Data protection policy,
Employment contract (all employees),
Data protection monitoring policy ( crime and fraud prevention, computer systems email and internet usage and data protection),
Access control,
Data deletion recording.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All of our operational activities are subject to our documented Change Control Policy (ISO9001) and continuously subject to security impact assessment using ISO 27001 standard procedures.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We are in a continuous cycle of penetration testing, assessment of vulnerabilities, remedy/patch. Patches are tested and rolled out to all systems immediately.
This cycle is repeated on each of our functional networks in succession.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We have a documented incident management policy which captures and includes procedures for identifying and addressing compromises. Timeliness in terms of resolution is always as expeditious as possible but necessarily varies according to urgency, potential consequences (especially to clients) and any technical challenges.
Incident management type Supplier-defined controls
Incident management approach We have a documented incident management policy which captures and includes procedures for identifying and addressing compromises. Timeliness in terms of resolution is always as expeditious as possible but necessarily varies according to urgency, potential consequences (especially to clients) and any technical challenges.
We contract to inform clients about incidents in line with current data protection practice (GDPR).

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £0.39 to £8.00 per person per month
Discount for educational organisations Yes
Free trial available No

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑