The Access Group

Access Education People

Modern, intuitive, cloud based HR software designed specifically for schools, academies and Multi Academy Trusts. Access Education People combines the latest technology with HR best practice using a secure, flexible and scalable platform for your People data and processes with the option of an efficient, UK based managed payroll services.


  • Cloud HR software
  • Option to add managed payroll service
  • Mobile enabled manager and employee self service
  • Holiday and sickness absence management
  • Training, learning and development and appraisals
  • Recruitment, applicant tracking, candidate portal
  • Expenses and mileage claims
  • Reporting, dashboards, business intelligence, management information
  • Workflow


  • Provide a responsive and engaging experience for your People
  • Make HR information readily available, support better decision making
  • Elimination of duplication and reduction of administration time
  • Help Improve the HR service to employees
  • Support you in maintaining compliance
  • Reflect your school brand across your HR system
  • Be flexible to changing needs of schools and MAT's
  • Centralised employee database
  • Consolidated view of Multi Academy trust


£3 to £4.50 per person per month

  • Education pricing available

Service documents


G-Cloud 11

Service ID

1 0 7 0 7 6 4 6 2 1 4 2 1 2 3


The Access Group

Richard Gyles


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Access Education Payroll, Access Workspace for Education, Access Education Finance, Access Education Budgets
Cloud deployment model Public cloud
Service constraints None.

For information, Routine Maintenance is undertaken on 4th Tuesday of each month at 3.00 AM UK
System requirements
  • IE 10+, Edge, Firefox, Chrome or Safari (latest version)
  • Mobile Iphone, Windows Phone, Andriod
  • Open ID Connect for Single Sign on

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We use an automated ticket system to record customer case detail and an acknowledgement email is sent to the customer immediately upon receipt
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible WCAG 2.0 AA
Web chat accessibility testing The webchat software is currently being widely used across multiple other divisions within the Access Group
Onsite support Yes, at extra cost
Support levels The Essential Success Plan is included as part of your Access subscription, and is there for you online anytime of the day or night with access to our Knowledge Base and Community. The Standard Success Plan is a more reactive service including telephone and email support, speedy response times and access to our lovely customer success teams. You’ll also get the chance to be involved with exciting product updates and webinars from our team of experts. The Standard Success plan is 15% of the annual software cost per annum. The premier Success Plan delivers a proactive service including your very own support contact and a customer success manager who will get you on the road to success and help you stay there. The Premier Success plan is 25% of the annual software cost per annum.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We believe wholeheartedly that the functionality that our software offers our customers is very important, but it is only half of the value equation, how the system is rolled out is critical if full value from your new investment is to be achieved. We also know that you may view new software implementations with some trepidation and many customers can find this period daunting. In fact for some customers, this may be the first software roll out they have managed. We recognise this and we have designed our implementation services to help ensure you have a great experience and are looked after along the way, so that the whole process is less daunting… this is our FlightPath implementation approach which includes scoping, data migration and training
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction The Enterprise has a built in Data Export tool. This allows clients once trained to be able to define and export data from the application. Additional consulting services are available if required
End-of-contract process Data extracts can be arranged as part of our consulting services

The Enterprise has a built in Data Export tool. This allows users once trained to be able to define and export data from Access Education People.

In addition, if required, Access as part of a technical consulting engagement can assist clients in defining and building such a data export. This would be subject to specification and the prevailing consulting fees would apply on a time and materials basis.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The full Access Education People user interface can be accessed on a Tablet sized device, The Mobile module provides a optimised user interface on a smart-phone sized devices, using HTML 5 technologies. This provides a simplified interface. While the functions that are made available can be controlled from the System Administrator function, we would recommend this UI being used for the more detailed functions in our system.
Service interface No
What users can and can't do using the API The API is availble with the Enterprise edition is an employee detail based REST web service that enables third-party products to get employee data from Access Education People.

The third-party products are able to request a date range of employee changes through web service. Once Access Education People has received this request, it sends out a set of specified information to the 3rd party product. The data exposed is a set of completely configurable fields, which can be defined using the tool.

Initially the tool is designed to be used by our implementation team, however as part of an initial engagement training can be provided to the client to enable them to use the tool on a ongoing basis. The tool is a development level tool so in addition to having being trained on the HR application, users should also be competent / accredited on SQL Server, IIS, as well as having experience developing integration with APIs.
API documentation Yes
API documentation formats PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation We always engage with our customers to deliver software that will really benefit their school or multi academy trust and we would welcome the opportunity to work with you on how we can customise our products even further to meet your specific needs.
For any customisation a scoping session will take place to identify best practice. Within the training provided by Access Education People, customers will learn the basis of customisation in respect of creating hierachy, roles and permissions ensuring that access is customised accordingly. Access Education People will offer support and advise for any questions that may arise.
Customised work such as additional functionality will be completed by Access HCSS Peoples development team. A charge may apply for the dependant on complexity.


Independence of resources Access Education People is a load-balanced, multi-tenant service. The load balancer monitors the web servers continuously and will dynamically reassign requests if one of these servers crashes.


Service usage metrics Yes
Metrics types For Enterprise Edition User Login and Processes undertaken, workflow activities are recorded in the system. In addition to viewing the logs through the system administrator, these activities can be analysed through the system Business Intelligence tools. These can be used to identify utilisation around the system, as well time taken on key processes. This can help identify how well the system is being adopted across your organisation
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Within Access Education People there are a number of standard reports that can be extracted into a variety of different formats such as word, excel, pdf, powerpoint to name a few. Reports can be duplicated and edited to ensure that the selection criteria is as required. Roles and Permissions are used to identify who has the relevant authorisation to run and extract the reports.

Customisable reports can be created by customers or alternatively Access offer a consultancy service should there be a high level f complexity required.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats Xlsx

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability We will use commercially reasonable efforts to make the SaaS available 24 hours a day, seven days a week, except for unavailability during emergency or routine maintenance. Our monthly availability has not dropped below 99.8% in any 4 week period in the last 12 months.
Approach to resilience The Access Hosting solution has been designed to enterprise level with the highest possible specification for resilience and replication. Split across 2 of the UK’s premium data centres, the solution delivers replication and recovery options that are unrivalled in the mid-market arena.
The solution operates in a near continuous state across both datacentres minimising data loss in the event of a total data centre blackout. This is achieved using Zerto Virtual Replication and VMWare vSphere being delivered as a service to the Access user.
The solution has been designed so that there is no hardware single point of failure. Dual Firewalls are used to connect to dual switches, SANs and Physical Hosts. Internet connectivity is protected using the Border Gateway Protocol (BGP) ensuring connectivity in the event an outage of an upstream Internet Service Provider occurs.
The Physical hosts run VMWare ESX and operate within a VMWare vSphere cluster. One cluster node is located in Telehouse with the second in Equinix.
The use of these technologies ensures that storage and virtual machines are resident in both datacentres giving maximum flexibility in the case of a disaster.
Outage reporting Users can subscribe to email alerts giving updates on scheduled maintenance and outages. An online portal is also available to clients

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels We operate role profile based Access Control - based on least privilege access. This applies to all our services
Access restriction testing frequency At least every 6 months
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 ISOQAR
ISO/IEC 27001 accreditation date 01/09/2014
What the ISO/IEC 27001 doesn’t cover Nothing is excluded from the Standard
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes All controls included within Annex A of the ISO27001:2013 standard.
Statement Of Applicability (SOA) available on request.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach All change management is undertaken in line with ISO27001:2013 using JIRA for audit purposes.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Patched and audited by our patch management system. All non-critical OS patches are applied within one calendar month of release, first into pre-production and then into production, as part of the scheduled maintenance window.
AV Updates - Signatures are updated hourly. / Rules are reviewed at minimum every 3 months. Logs are reviewed at minimum every 3 months.
Access staff responsible for the maintenance of our hosting services subscribe to industry newsletters, belong to various security forums and we additionally receive notifications from our vendors.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach We have traffic monitoring and content based alerting which alerts on changes to the site and/or traffic flows implemented at infrastructure and application level. We proactively monitor third party suppliers (hardware, OS, application/web and database server software) vulnerability reporting and security fix availability.
Any vulnerabilities found and fixes provided by third party suppliers are patched by our infrastructure team in a timescale appropriate for their level of severity. Any penetration test findings are fixed by Development in a timescale appropriate for their level of severity. Our infrastructure response is within 1 hour in the SLA period 8am-8pm Monday – Friday.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach We operate a robust incident management process in line with ISO27001:2013
Staff are encouraged to report all incidents using a pre-defined process using a form available on our Company Collaborate site
Incident reports will be provided following forensics and closure

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Joint Academic Network (JANET)


Price £3 to £4.50 per person per month
Discount for educational organisations Yes
Free trial available No

Service documents

Return to top ↑