Liberata UK Ltd

Liberata Payment Solutions (including Contingency arrangements) via Liberata's approved BACS Bureau

Payment solutions for multiple payment channels, including emergency and contingency payment options. BACS approved commercial Bureau. Cloud based services include various integration options including API and other interface solutions.

Features

  • Payments based solutions
  • Consumption based pricing and usage model
  • Expert financial reconciliation solutions
  • End to end financial process solutions
  • Expert implementation support
  • Full reporting, accounting and IT support wrapper for services available
  • Specialist public sector banking services
  • Multiple input / output options and formats available
  • Integration, data transformation solutions

Benefits

  • Supports integration of existing systems and applications
  • Avoids costly integrations and reduces manual intervention
  • Tried and tested low risk solutions
  • Step change cost savings
  • Business process automation and simplification
  • End to end solution, including accounting and audit requirements
  • Improved accuracy and efficiency levels
  • Reduction in error and fraud
  • System enforced validation and control ensures consistency and data integrity

Pricing

£0.005 per unit

Service documents

Framework

G-Cloud 11

Service ID

8 5 1 5 7 7 7 2 9 4 1 0 3 1 9

Contact

Liberata UK Ltd

G-Cloud Bid Administration

020 7378 3700

bidadmin@liberata.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
No
System requirements
  • Majority of services are browser based.
  • Citrix client required for some solutions

User support

Email or online ticketing support
Email or online ticketing
Support response times
Email accounts are monitored during service hours, acknowledged within 30 minutes and all emails received would be reviewed within one hour of receipt. Response times would vary depending on the severity of the issue in accordance with our published support SLAs.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
P1 – Response Time – 15 working mins / Fix Time – 4 working hours
P2 – Response Time – 1 working hour / Fix Time – 8 working hours
P3 – Response Time – 2 working hours / Fix Time – 16 working hours
P4 – Response Time – 4 working hours / Fix Time – 7 working days

Additional support can be provided based on specific client requirements, incremental pricing per standard rate card
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Liberata has, as part of its standard implementation template set, standard project plans highlighting the normal tasks and timeframes associated with the implementation of Cloud services. The templated project plans will be used as a basis for an individual client implementation and the Liberata Project Manager allocated to the project will update the plan to take accord of any specific client dependencies and constraints which may impact the implementation timeframes. Once baselined the project plan will be maintained by the Liberata Project Manager and reviewed periodically with the client project team highlighting any task slippage and any risks and issues which require highlighting on the RAID log, also maintained by Liberata and shared with the client.
Guidance documentation is available, and where appropriate as part of initial engagement Liberata would host one or more workshops with customer representatives to understand requirements and confirm scope of solution. During these workshops Liberata would provide full details/explanation of functionality available in order for customers to identify key elements to be made available to satisfy their requirements. This would include basic configuration requirements and options together with review and confirmation of interfaces and other inputs / outputs.
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • Open API (also known as Swagger)
  • Xml
  • Csv
End-of-contract data extraction
The extract of data and secure provision of this data is supported by Liberata. We would define precise data requirements with clients as part of our exit process
End-of-contract process
Liberata has, as part of its standard contract exit template set, standard project plans highlighting the normal tasks and timeframes associated with the exit process. The templated project plans will be used as a basis for an individual client exit and the Liberata Project Manager allocated to the exit project will update the plan to take accord of any specific client dependencies and requirements. Once baselined the project plan will be maintained by the Liberata Project Manager and reviewed periodically with the client project team highlighting any task slippage and any risks and issues which require highlighting on the RAID log, also maintained by Liberata and shared with the client.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
User presentation layer is reactive - no difference in functionality
Service interface
No
API
Yes
What users can and can't do using the API
APIs have a degree of flexibility so would be managed at customer level to minimise impact on customer development requirements
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
There is flexibility that can be applied within our solutions. This would be agreed in discussion with customers as customisation / individual requirements can be delivered subject to this remaining within overarching solution design.

Scaling

Independence of resources
The hosting platform has been scaled to support user growth. When new clients are onboarded, additional capacity will be added as required based on an assessment of the number of users/solutions implemented. Additional capacity is also added as part of ongoing service management based on predicted growth rates. Our systems are monitored and can scale out as indicated by the monitoring service.

Analytics

Service usage metrics
Yes
Metrics types
Report detailing performance and volumetrics for each solution to customer has access
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Would depend on solution - csv, excel, xml etc
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • Excel
  • Xml
  • .dat
  • .txt
  • Json
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • Excel
  • Xml
  • .dat
  • .txt
  • Json

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
99.75% during business hours.
Approach to resilience
We design resilience into our services across all layers, with no single points of failure. The management of the platforms ensures both security and availability are at a premium. Further information available on request.
Outage reporting
Liberata provides a forward schedule of change detailing planned service outages. In addition we provide incident communications for any unplanned outages that may occur.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
The standard out of band services are restricted to administration/ support staff who are security cleared to the appropriate levels based on CESG guidelines
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
19/04/2010
What the ISO/IEC 27001 doesn’t cover
IT hosting outsourced to a third party (other than using our current hosting provider)
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Security governance is based on the ISO27001 management system and is underpinned by formal governance boards and the following policies:
Corporate IT Policy Handbook
Business Continuity Policy
Physical Environmental Security Policy
Security Management Plan (restricted document)
Data Asset Management
Information Classification Matrix
Document Management Retention Policy

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
The Change Management Process is aligned and certified to ISO20000 IT Service Management (ITMS) A UKAS accredited body performs external audits to test the policy and procedural compliance to ISO20000. A Change Advisory Board (CAB) set the requirements to which the life cycle of change is managed.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Regular scanning is in place to identify vulnerabilities and the required remediation implemented to a defined plan to comply with PSN and ISO27001
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Servers have security logs in Audit Collection Services, within Microsoft System Operations Manager. Managed network devices have security logs shipped to Cisco Monitoring, Analysis and Response solution.

Logs are retained for at least 6 months including:
User or process Unique ID;
Date and time of event;
Physical or logical address;
Type of service executed;
Privileged command executions;
In-bound email traffic claiming origination from PSN addresses or from 'null' addresses;
Excessive outgoing web traffic;
Regular data exchanges with external addresses; Log record changes.
We have a SyOPs document which details the frequency for manually validating access controls and firewalls logs, etc.
Incident management type
Supplier-defined controls
Incident management approach
Incidents are managed via the Service Desk with an incident management team responsible for coordinating and directing the response

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • Public Services Network (PSN)
  • Other
Other public sector networks
Currently connect to a Central Government Department network (existing customer)

Pricing

Price
£0.005 per unit
Discount for educational organisations
No
Free trial available
No

Service documents

Return to top ↑