Castle Computer Services Ltd

Expense Cloud Solution

Our mobile technology allows expenses to be entered and authorised from any location with real time policy validation and workflow rules. Users can photograph their receipts and record audio narratives to explain their claims and managers can authorise and reject claims in real time while on the go.

Features

  • Mobile, smartphone and tablet devices to enter and approve expenses
  • Digital images of receipts uploaded from mobile or desktop.
  • Easy import and analysis of employee credit card expenditure
  • Ensure compliance with taxation legislation and corporate expenses policy
  • We integrate with all major finance, accounting and payroll systems
  • Sophisticated reporting reviewing expenditure in summary or detail form
  • Sophisticated rules for authorisation based on expenditure limits
  • Customisable options to tailor the system to suit your requirements

Benefits

  • Simple and intuitive interface means no end user training
  • Use pre configured templates and be ready to start immediately.
  • Customisation options to suit organisational requirements.
  • Cloud ready accessibility on Mobile, Tablet and Desktop.

Pricing

£5 to £18 per user per month

Service documents

Framework

G-Cloud 11

Service ID

9 6 0 4 9 2 4 7 6 1 3 9 1 9 5

Contact

Castle Computer Services Ltd

Paul Sutherland

01698 844600

paul.sutherland@castle-cs.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Due to tight integration with finance systems this can be used as an add-on service
Cloud deployment model
Private cloud
Service constraints
Periodically, typically once per quarter the system will be taken down outside of normal working hours for updates and general maintenance. We provide at least 7 days notice of this.
System requirements
  • SQL 2008 or 2008R2 or 2012 or 2014, 2016
  • Windows 7 or Windows 8 or Windows 10
  • .NET Version 4.5 (Appropriate 32 bit or 64 bit version
  • MS Exchange 2010, 2013, 2016
  • IIS Version 7
  • Crystal Runtime Version 13.0.

User support

Email or online ticketing support
Email or online ticketing
Support response times
SLA response within one working hour
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
At the heart of our offering is a group of experienced and highly skilled application specialists, systems architects and support staff who are responsible for delivering all aspects of our Professional Services. Our architects and application consultants use their real world experiences and industry best practices to reduce the time, scope and cost risks associated with project implementations. Please see our support service document for more information.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
As part of our implementation service we offer both onsite and remote training. In addition we provide help manuals and can optionally produce training videos for clients.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
All data is held in a SQL database and can be extracted by the client as required. In addition clients can also use the applications inbuild reports in perpetuity.
End-of-contract process
At the end of the contract all data is backed up and provided to the client for their own archival and reporting requirements. Our contract includes software access and support. However it does not include the cost of additional consultancy services that may optionally be required by the client.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Our mobile service is accessed via a Mobile App available on Android and iOS. It is designed primarily for the entry and authorisation of expenses.
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Yes, expense@work can be configured to suit the exact requirements of the client. Forms, reports, workflow and validation rules can all be configured by our engineers as part of the implementation.

Scaling

Independence of resources
Yes, each organisations data is held in a separate database and virtual machine to ensure that there is no impact from usage of other customers and users.

Analytics

Service usage metrics
No

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
Systems@work

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
No
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data can be exported via SQL or via the inbuilt reporting tools. Data can be exported in a variety of formats including CSV, XML, XLS.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • XLS
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • XLS

Data-in-transit protection

Data protection between buyer and supplier networks
IPsec or TLS VPN gateway
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Using Microsoft Azure we guarantee 99% availability and refund clients via service credits if this is not achieved.
Approach to resilience
This information is available on request from systems@work and Microsoft.
Outage reporting
Outages are advised via email alerts, social media and via the website.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Access is restricted using Login Credentials associated with Access Profiles which govern availability to functionality.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Security accreditation handled by the Microsoft Azure Platform.

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
CSA CCM version 3.0
Information security policies and processes
This information is not available at the moment.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All system changes have to formally documented, fully regression tested to ensure no application conflicts.

Changes applied to a test environment first

Customer UAT is required before transfer to a live system
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We regularly carry out tests to ensure that code injections and other similar attacks (OWASP A1, A2 and A5 classes). In addition we use 3rd parties to test and ensure no access to restricted information using direct object and URL references (A4 and A8). We also use Microsoft Azure to ensure security compliance.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We regularly carry out tests to ensure that code injections and other similar attacks (OWASP A1,
A2 and A5 classes). In addition we use 3rd parties to test and ensure no access to restricted information using direct object and URL
references (A4 and A8). We also use Microsoft Azure to ensure security compliance.
Incident management type
Supplier-defined controls
Incident management approach
All incidents have to be reported via the helpdesk support line.
By email to support@systemsatwork.co.uk
Through the systems@work Support Portal

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£5 to £18 per user per month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Organisations can try our software on a 7 day trial. All functionality is included in the trial.
Link to free trial
Www.expensesdemo.com

Service documents

Return to top ↑