Get started
Toggle Menu

Policies

Policies

  • Service Level Agreement
  • Information Security Policy

Service Level Agreement (Updated 25.5.2017)

Purpose of the Service Level Agreement (SLA)

The purpose of this agreement is to ensure that proper elements and commitments are in place to provide consistent service, support and delivery. The spirit of the SLA is intended to be a collaboration between both parties to work together to achieve maximum levels of efficiency and to develop a long term mutually beneficial relationship. It is acceptable that as a result of this partnership and ongoing working relationship, improvements will be implemented as necessary or as requirements further dictate.

Goals and Objectives

The goal of this document is to obtain mutual agreement for service provision to meet the following objectives:

  • Service capable of handling direct debits via paper mandates, paperless via telephone and online to aid revenue growth and prompt payments.
  • The ability to handle customer enquiries to support the Company in optimising collections

 
Access PaySuite Service Responsibilities

  1. Provide Company with Direct Debit facilities in accordance with The Direct Debit Scheme as mandated by BACS Payments Scheme Limited.
  2. Provide and maintain The Direct Debit System or secure FTP enabling the Company to submit daily transaction details through ECS’ secure server. ECS is not responsible for the maintenance of the Company's servers or management of the Company's computers.
  3. In accordance with The Direct Debit Scheme, ECS will set up Direct Debits and send Direct Debit Advance Notice emails or letters to clients (unless otherwise agreed).
  4. All necessary steps will be taken to ensure that personal data held is processed fairly and lawfully in accordance with the General Data Protection Act (GDPR). We hold personal data relating to you and your end-customers in connection with payment processing services you have asked us to provide. Except to the intent we are required or permitted by law, personal data provided to or obtained by us will be used for the purposes of providing you with the services you have requested.
  5. Access PaySuite endorses a strict environmental policy which includes paper and component recycling, purchase of supplies and the working environment.

 
Company Responsibilities

  1. In addition to Access PaySuite’s training and support provided as agreed, the Company will ensure that authorised staff using the Direct Debit system will refer to the PaySuite Customer Manager User Guide as necessary to ensure the correct use of the Direct Debit system.
  2. The Company will ensure that only authorised staff, following access control procedures, will use the Direct Debit system.
  3. The Company and authorised staff understand the general scope of The Direct Debit Scheme Rules and undertake to adhere to these rules as laid down by BACS Payment Schemes Limited.
  4. The Company will do its utmost to ensure data accuracy (including validation of customer bank details) to reduce the amount of failed Direct Debit Instructions due to human error.


Service Assumptions & Exceptions

Assumptions related to in-scope services include:

  • Access PaySuite is not responsible for the maintenance of the Company website.
  • Access PaySuite agrees to treat Company and Company’s employees with respect at all times, especially during times of business crises. In return, Access PaySuite expects the same treatment from Company and Company’s employees for Access PaySuite’s employees, contractors and vendors.
  • Company recognises that Access PaySuite’s employees and contractors are not full-time employees of the Company and at no time should be treated as such.
  • If Access PaySuite is unable to remedy a problem, then Access PaySuite will work with the appropriate outside vendor until a resolution is reached.


Service Management

The following sections provide relevant details on service availability, monitoring measuring and reporting of in-scope services and supporting components.

Access PaySuite Normal Service Support Hours

Normal telephone business support hours for the Company and its customers is 01242 269790 from 9:00am to 5:00pm Monday through Friday excluding Public Holidays. Special arrangements may apply for the Christmas & New Year period at Access PaySuite’s discretion. Calls are handled by Access PaySuite’s in-house UK-based Client Services Team.

Performance Measurement Target

  • Customer calls answered in timely fashion 95% within 20 seconds
  • Customer problem resolution 90% resolved on 1st call


Systems Availability

Access PaySuite makes every attempt to develop and select the most reliable systems. However the Company must recognise that failures can occur from time to time. Access PaySuite will provide backup support at levels deemed reasonable during normal service hours. Outside of these service hours, the Company should log issue on the Access PaySuite 24 hour voicemail system on 01242 269790 and/or by email to admin@Access PaySuite.co.uk and Access PaySuite will endeavour to solve or begin addressing the matter within a 48 hour period.

Performance Measurement Target

  • System availability throughout the year 99.9%

An ‘outage’ is deemed a loss of service of 15 continuous minutes or greater and does not include planned outages.


Notification of Planned Outages and Faults

Systems must be upgraded from time to time to continually secure customer data and to enhance service offerings. This is done in a very controlled manner to keep downtime to an absolute minimum. All planned outages will be carried out if possible outside business hours and you will be notified in advance to ensure that any outage will not conflict or severely impact your business.

Performance Measurement Target

  • Planned outages (exceeding 1 hour) advance notification 72 hours. Shorter planned outages would be notified within 24 hours.
  • Service affecting faults or outages exceeding 1 hour will be notified immediately via email as soon as reasonably practicable.


Escalation Procedure

It is our intention to provide you with a high level of customer service at all times and our staff will try to resolve any complaints immediately. Where this is not possible, you can escalate the problem to the Operations Manager.

Performance Measurement Target

  • Acknowledgement of Escalation 1 working day
  • Problem resolution 3 working days


Staff Training

It is our policy to be staffed by exceptional people whose skills and abilities match the needs of their jobs and indeed our clients. To achieve this we have a comprehensive Training and Competence Scheme which is in place for all client facing staff and their supervising managers.

Information Security Policy (Updated 14/05/2019)


Access Paysuite Ltd recognises that IT Services and information are valuable assets which are essential in supporting the company’s strategic objectives.  

To support our goals we will operate, maintain and continuously improve information security in all areas.  In order to achieve this we have adopted ISO 27001:2013 and have implemented a formal information security management system.

We have established top level objectives in order to monitor and measure the efficiency of our Information Security and these are regularly reviewed by our Board of Directors.  APS has both legal and moral obligations to protect the information in its care and recognises that effective information security management is critical to ensure the successful delivery of its products and services.  The company is committed to preserving the confidentiality, integrity and availability of all physical and electronic information assets.

Information security management is an ongoing cycle of activity aimed at continuous improvement in response to emerging and changing threats and vulnerabilities. It can be defined as the process of protecting information from unauthorised access, disclosure, modification or destruction and is vital for the protection of information and the APS’s reputation.

A copy of the Information Security Policy Statement is made available to all interested parties via the company website.  If an interested party requires further information pertaining to specific policies, or objectives then this shall be handled through the Information Security Officer.

APS shall review Information Security policies for their efficacy and appropriateness in the following circumstances:

  • Once a year.
  • When services, policies or any activity performed by the company or applying to the company changes that significantly changes items identified within the Information Security Risk assessment.  
  • Following an Information Security Incident in order to identify and correct any failures in process, procedure or work instruction that may have led to the information security incident.