GOV.UK
Payroll Business Solutions Limited
Hosted Payroll Solution
PBS develop and host payroll software for public and private sector organisations using our own Accord Payroll software system. Accord Payroll combines regulatory & statutory compliance with configurability for specific and occupational requirements. PBS is ISO27001 certified, GDPR compliant, and a Bacs approved bureau. Accord Payroll software is HMRC Recognised.
Features
- HMRC Recognised Software with RTI & DPS
- On‐line payslips and reporting
- Robust and scalable from tens to thousands of employees
- Interfacing tools
- Comprehensive accounting and analysis
- Extensive library of standard reports and user reporting tools
- Public service features such as LGPS, TPS & USS interfaces
- Minimum & living wage calculations
- Pensions processing and auto enrolment
- Back-up, archiving, easy access to previous periods & tax years
Benefits
- Regulatory compliance
- Cost and carbon footprint reduction with e-payslips
- Reliable and meets future needs
- Connectability - Interfaces with 3rd party systems
- Accurate costing and direct upload to accounting systems
- Easy access to all your payroll data.
- Interfaces to HR, T&A, accounting; part of your solution ecosystem
- Innovative and flexible data entry methods
Pricing
£0.39 to £8.00 per person per month
- Education pricing available
Service documents
Framework
G-Cloud 11
Service ID
690476599043876
Contact
Service scope
| Software add-on or extension | Yes, but can also be used as a standalone service |
| What software services is the service an extension to | HR Systems |
| Cloud deployment model | Private cloud |
| Service constraints | UK payroll only. |
| System requirements | Windows Remote Desktop for secure access via SSL |
User support
| Email or online ticketing support | Email or online ticketing |
| Support response times | Committed to published response times based on urgency. Documented in our service level standards document. |
| User can manage status and priority of support tickets | No |
| Phone support | Yes |
| Phone support availability | 9 to 5 (UK time), Monday to Friday |
| Web chat support | No |
| Onsite support | Yes, at extra cost |
| Support levels |
We provide the same, high-quality telephone, email and remote access support to all customers. Formal response times are appropriate to levels of urgency published in our service level standards documentation. Users mainly deal with a dedicated staff member with further expertise on hand. |
| Support available to third parties | Yes |
Onboarding and offboarding
| Getting started | We provide both onsite training supported by structured documentation. Users participate in the set-up and implementation process, including parallel test pay-runs. |
| Service documentation | Yes |
| Documentation formats |
|
| Other documentation formats | Microsoft Word |
| End-of-contract data extraction | Users can extract all data in a CSV format, they can use standard reports to export data in standard templates. |
| End-of-contract process |
Client payroll data is available through standard reports. This is usually more than adequate to enable them to migrate to an alternative solution. We would only charge If specific data formats are requested, such charges being agreed with the client before any work is undertaken. |
Using the service
| Web browser interface | Yes |
| Supported browsers |
|
| Application to install | No |
| Designed for use on mobile devices | No |
| API | Yes |
| What users can and can't do using the API | Publish payslips via selected HR self-service systems. |
| API documentation | Yes |
| API documentation formats | |
| API sandbox or test environment | Yes |
| Customisation available | Yes |
| Description of customisation |
Accord Payroll solution provides all statutory calculations. Non statuatory, occupational and client specific calculations can be specified and configured. Users can set up new pay elements, specifying new account codes, configure ad-hoc statistical reports and so on. |
Scaling
| Independence of resources | Clients have separate implementations of Accord Payroll. Bandwidth at our data centre overshoots demand by a considerable margin. |
Analytics
| Service usage metrics | No |
Resellers
| Supplier type | Not a reseller |
Staff security
| Staff security clearance | Other security clearance |
| Government security clearance | Up to Developed Vetting (DV) |
Asset protection
| Knowledge of data storage and processing locations | Yes |
| Data storage and processing locations | United Kingdom |
| User control over data storage and processing locations | No |
| Datacentre security standards | Supplier-defined controls |
| Penetration testing frequency | At least once a year |
| Penetration testing approach | ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider |
| Protecting data at rest | Encryption of all physical media |
| Data sanitisation process | No |
| Equipment disposal approach | Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001 |
Data importing and exporting
| Data export approach | Data can be exported by 3 different methods. Standard reports can be output to Excel/CSV format. Data from user customisable tables can be copy/pasted directly into a spreadsheet. Finally, there are dedicated export utilities for specific applications. |
| Data export formats |
|
| Other data export formats |
|
| Data import formats | CSV |
Data-in-transit protection
| Data protection between buyer and supplier networks | Legacy SSL and TLS (under version 1.2) |
| Data protection within supplier network | Legacy SSL and TLS (under version 1.2) |
Availability and resilience
| Guaranteed availability | Accord payroll is available during normal business hours and at all times of the day, every day. Planned downtime for service and maintenance takes place outside of business hours and clients are informed in advance. We do not provide guaranteed uptimes but are open to considering commitments suggested by clients for contractual purposes. |
| Approach to resilience | We have a detailed disaster recovery and business continuity procedure and documentation in line with ISO 27001 and other standards. Documentation is available on request. |
| Outage reporting | Email alerts to users for planned maintenance. |
Identity and authentication
| User authentication needed | Yes |
| User authentication | Username or password |
| Access restrictions in management interfaces and support channels |
Access to all systems is governed by our Access Control Policy and working practices. These procedures have been developed in line with ISO 27001 standards, GDPR and general data protection requirements. In brief, staff are only able to access systems and data required for the discharge of their defined duties. We are happy to make policy documents and certification available to prospective clients. |
| Access restriction testing frequency | At least once a year |
| Management access authentication | Username or password |
Audit information for users
| Access to user activity audit information | Users have access to real-time audit information |
| How long user audit data is stored for | At least 12 months |
| Access to supplier activity audit information | Users contact the support team to get audit information |
| How long supplier audit data is stored for | At least 12 months |
| How long system logs are stored for | At least 12 months |
Standards and certifications
| ISO/IEC 27001 certification | Yes |
| Who accredited the ISO/IEC 27001 | The British Assessment Bureau |
| ISO/IEC 27001 accreditation date | 18/12/2018 |
| What the ISO/IEC 27001 doesn’t cover | NA |
| ISO 28000:2007 certification | No |
| CSA STAR certification | No |
| PCI certification | No |
| Other security certifications | Yes |
| Any other security certifications | Bacs Approved Bureau |
Security governance
| Named board-level person responsible for service security | Yes |
| Security governance certified | Yes |
| Security governance standards | ISO/IEC 27001 |
| Information security policies and processes |
We have documented procedures and policies, and all staff are given training on data security. Reporting and incident management procedures are specifically documented in our Access Control document. Our information security policy documentation includes: Data retention policy, Data retention/destruction agreement, Subject access request process, Data protection policy, Employment contract (all employees), Data protection monitoring policy ( crime and fraud prevention, computer systems email and internet usage and data protection), Access control, Data deletion recording. |
Operational security
| Configuration and change management standard | Supplier-defined controls |
| Configuration and change management approach | All of our operational activities are subject to our documented Change Control Policy (ISO9001) and continuously subject to security impact assessment using ISO 27001 standard procedures. |
| Vulnerability management type | Supplier-defined controls |
| Vulnerability management approach |
We are in a continuous cycle of penetration testing, assessment of vulnerabilities, remedy/patch. Patches are tested and rolled out to all systems immediately. This cycle is repeated on each of our functional networks in succession. |
| Protective monitoring type | Supplier-defined controls |
| Protective monitoring approach | We have a documented incident management policy which captures and includes procedures for identifying and addressing compromises. Timeliness in terms of resolution is always as expeditious as possible but necessarily varies according to urgency, potential consequences (especially to clients) and any technical challenges. |
| Incident management type | Supplier-defined controls |
| Incident management approach |
We have a documented incident management policy which captures and includes procedures for identifying and addressing compromises. Timeliness in terms of resolution is always as expeditious as possible but necessarily varies according to urgency, potential consequences (especially to clients) and any technical challenges. We contract to inform clients about incidents in line with current data protection practice (GDPR). |
Secure development
| Approach to secure software development best practice | Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0) |
Public sector networks
| Connection to public sector networks | No |
Pricing
| Price | £0.39 to £8.00 per person per month |
| Discount for educational organisations | Yes |
| Free trial available | No |