Castle Computer Services Ltd

Expense Cloud Solution

Our mobile technology allows expenses to be entered and authorised from any location with real time policy validation and workflow rules. Users can photograph their receipts and record audio narratives to explain their claims and managers can authorise and reject claims in real time while on the go.


  • Mobile, smartphone and tablet devices to enter and approve expenses
  • Digital images of receipts uploaded from mobile or desktop.
  • Easy import and analysis of employee credit card expenditure
  • Ensure compliance with taxation legislation and corporate expenses policy
  • We integrate with all major finance, accounting and payroll systems
  • Sophisticated reporting reviewing expenditure in summary or detail form
  • Sophisticated rules for authorisation based on expenditure limits
  • Customisable options to tailor the system to suit your requirements


  • Simple and intuitive interface means no end user training
  • Use pre configured templates and be ready to start immediately.
  • Customisation options to suit organisational requirements.
  • Cloud ready accessibility on Mobile, Tablet and Desktop.


£5 to £18 per user per month

Service documents


G-Cloud 11

Service ID

9 6 0 4 9 2 4 7 6 1 3 9 1 9 5


Castle Computer Services Ltd

Paul Sutherland

01698 844600

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Due to tight integration with finance systems this can be used as an add-on service
Cloud deployment model
Private cloud
Service constraints
Periodically, typically once per quarter the system will be taken down outside of normal working hours for updates and general maintenance. We provide at least 7 days notice of this.
System requirements
  • SQL 2008 or 2008R2 or 2012 or 2014, 2016
  • Windows 7 or Windows 8 or Windows 10
  • .NET Version 4.5 (Appropriate 32 bit or 64 bit version
  • MS Exchange 2010, 2013, 2016
  • IIS Version 7
  • Crystal Runtime Version 13.0.

User support

Email or online ticketing support
Email or online ticketing
Support response times
SLA response within one working hour
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
At the heart of our offering is a group of experienced and highly skilled application specialists, systems architects and support staff who are responsible for delivering all aspects of our Professional Services. Our architects and application consultants use their real world experiences and industry best practices to reduce the time, scope and cost risks associated with project implementations. Please see our support service document for more information.
Support available to third parties

Onboarding and offboarding

Getting started
As part of our implementation service we offer both onsite and remote training. In addition we provide help manuals and can optionally produce training videos for clients.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
All data is held in a SQL database and can be extracted by the client as required. In addition clients can also use the applications inbuild reports in perpetuity.
End-of-contract process
At the end of the contract all data is backed up and provided to the client for their own archival and reporting requirements. Our contract includes software access and support. However it does not include the cost of additional consultancy services that may optionally be required by the client.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Compatible operating systems
  • Android
  • IOS
  • Windows
Designed for use on mobile devices
Differences between the mobile and desktop service
Our mobile service is accessed via a Mobile App available on Android and iOS. It is designed primarily for the entry and authorisation of expenses.
Service interface
Customisation available
Description of customisation
Yes, expense@work can be configured to suit the exact requirements of the client. Forms, reports, workflow and validation rules can all be configured by our engineers as part of the implementation.


Independence of resources
Yes, each organisations data is held in a separate database and virtual machine to ensure that there is no impact from usage of other customers and users.


Service usage metrics


Supplier type
Reseller providing extra support
Organisation whose services are being resold

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data can be exported via SQL or via the inbuilt reporting tools. Data can be exported in a variety of formats including CSV, XML, XLS.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • XLS
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • XLS

Data-in-transit protection

Data protection between buyer and supplier networks
IPsec or TLS VPN gateway
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Using Microsoft Azure we guarantee 99% availability and refund clients via service credits if this is not achieved.
Approach to resilience
This information is available on request from systems@work and Microsoft.
Outage reporting
Outages are advised via email alerts, social media and via the website.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Access is restricted using Login Credentials associated with Access Profiles which govern availability to functionality.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Security accreditation handled by the Microsoft Azure Platform.

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
CSA CCM version 3.0
Information security policies and processes
This information is not available at the moment.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All system changes have to formally documented, fully regression tested to ensure no application conflicts.

Changes applied to a test environment first

Customer UAT is required before transfer to a live system
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We regularly carry out tests to ensure that code injections and other similar attacks (OWASP A1, A2 and A5 classes). In addition we use 3rd parties to test and ensure no access to restricted information using direct object and URL references (A4 and A8). We also use Microsoft Azure to ensure security compliance.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We regularly carry out tests to ensure that code injections and other similar attacks (OWASP A1,
A2 and A5 classes). In addition we use 3rd parties to test and ensure no access to restricted information using direct object and URL
references (A4 and A8). We also use Microsoft Azure to ensure security compliance.
Incident management type
Supplier-defined controls
Incident management approach
All incidents have to be reported via the helpdesk support line.
By email to
Through the systems@work Support Portal

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£5 to £18 per user per month
Discount for educational organisations
Free trial available
Description of free trial
Organisations can try our software on a 7 day trial. All functionality is included in the trial.
Link to free trial

Service documents

Return to top ↑