CoreHR Public Sector Solutions
CoreHR manages all strategic and transactional HR and Payroll processes. CoreHR’s next generation HCM technology removes all the complexity around your processes, allowing you to focus on what’s important – your people. Empower your global workforce with a mobile self-service experience, backed by analytics and real-time management information.
- People management- fully automated HR processes and workflows, mobile platform
- Workforce management- attendance and absence tracking, leave management
- Payroll- HMRC accredited, total rewards, compensation and benefits management
- Talent Acquisition- recruitment onboarding, social integration, applicant tracking
- Learning and development- training adminstration, evaluation, course catalogue
- Budget and forecasting- workforce planning, what-if modelling and analysis
- Analytics and business intelligence- dashboards, management information, historical analysis
- Knowledge centred support, eLearning, pre-configured environments, customer community
- Pedigree- 35 year track record supporting easy & strategic HR
- Access - 100% web-enabled, device agnositic and inherently mobile
- Faster- User interface based on as few clicks as possible
- Better- fully integrated, single database platform, consistent look and feel
- Smarter- intuitive design built with usability and minimal training required
- Insightful- single platform, single source of truth powered in-application analytics
- Efficient- self-service driven functionality frees up HR/Payroll admin
- Compliant- contracted legislative and statutory compliance
- Flexible- fully configurable, scalable and modular options
- Unlimited- supports global workforces, limitless users and high availability
£1.75 to £3.25 per unit per month
- Education pricing available
+44 2039 882 474
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||-|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
CoreHR Standard Support Policy:
CoreHR Premium Support Policy: (uplift £1pppm)
Encryption at Rest
Dedicated Account Manager
|Support available to third parties||No|
Onboarding and offboarding
CoreHR University is a one stop shop to learn about CoreHR products, take online Learning courses, view online manuals, assess your knowledge and get certified on CoreHR.
Our comprehensive range of courses are delivered by CoreHR subject matter experts and certification is available for each course.
This cost effective approach provides users with immediate support and reference material for completion of tasks.
Users have the freedom to learn at their own pace and at a time, location or even a device convenient to them. Simply visit, watch bite-sized videos, take the exam and get certified.
CoreHR SaaS-IM, our approach to Implementation, we apply a process based methodology founded on PRINCE2 in which all CoreHR consultants are trained. It employs proven Project Management methods, industry best practice and proven client experience to allow for an optimised approach to HR implementations. It is designed to be a flexible toolset which can be easily understood and applied to HR projects whether they contain Payroll, Personnel, T&A or anyother elements. This methodology uses a consistent approach to understanding requirements, implementing solutions to match client requirements and providing the wraparound services required to support the implementation and on going use by clients.
|Other documentation formats||Microsoft Word|
|End-of-contract data extraction||Upon request by Customer, within thirty (30) days after the effective date of termination or expiration of this Agreement, CoreHR will make the Customer Data available in an Oracle database extract format to Customer through the Service at no additional cost. After that thirty (30) day period, CoreHR will have no obligation to maintain or provide Customer Data (except by prior written agreement between the Parties and for an additional fee), and will thereafter securely delete or destroy all copies of the Customer Data in CoreHR’s system or otherwise in its possession or control, unless legally prohibited. Customer Data stored in backups will be deleted in accordance with then current schedule for deletion/overwriting of such backups. Customer Data stored in backups will not exceed onehundred (100) daysbeyond the effective date of termination.|
The Customer will be provided a with copy of the Customer Data in an in an Oracle Database Extract
format to Customer if they so request. This one-off export will be at no additional cost to Customer.
The CoreHR Data Export process is as follows:
1. Receipt of a JIRA requesting a data export for a Customer.
2. Receive written approval in the JIRA from The Head of Technical Services or Senior Infrastructure Solutions Architect to progress an Oracle Export.
3. Run the Oracle standard data pump technology and create the Customer specific Oracle Database Extract dump file.
4. The Customer will be requested to provide a Secure FTP site to facilitate the transfer.
5. The Customer will be asked to provide their public PGP key to facilitate secure encryption of the dump file.
a. If the Customer cannot provide a PGP key the file will be zipped and password protected.
b. This password will be shared by text message to an approved recipient in the Customer’s organisation.
6. Once completed the JIRA should be updated accordingly, confirming that the dump file has been securely shared and that the original dump file has been fully deleted from the CoreHR server.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||CoreHR automatically renders to mobile. CoreHR also have a native app|
|What users can and can't do using the API||CoreHR’s solution is built on the Oracle technology stack meaning that it is very open in terms of integration which supports a variety of industry standards. Application program interfaces (API) are predefined processes within CoreHR that will carry out a specific action based on given inputs. The CoreHR application program interfaces are effectively a database stored library of procedures. For the simplicity of integration, only PL/SQL procedures are used (not functions) as the calling system will only need to make one type of call regardless of the nature of the specific API being utilised. A full overview of the API capability can be found in the attached document ‘CoreDataTalk Integration Overview’ and the public API site for CoreHR https://api.corehr.com.|
|API documentation formats|
|API sandbox or test environment||No|
|Independence of resources||Load balancers are deployed across two data centres within the CoreCloud Common Front End. In each datacentre the load balancers provide SSL-offloading and load balancing for all web requests destined for the web and application tiers in that datacentre. Global Site load balancing will be used to provide an Active / Active design. This Active / Active design will load balance all web requests across the web / application tiers in both datacentres based on a least connection basis. Traffic from the web/ application tiers will then talk to a database tier which will be active in a single datacentre.|
|Service usage metrics||Yes|
|Metrics types||CoreHR can provide usage and downtime metrics on request by the customer.|
|Reporting types||Reports on request|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||European Economic Area (EEA)|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||No|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||On screen exporting available in Excel, CSV, TXT and HTML formats.|
|Data export formats||CSV|
|Data import formats||CSV|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
With CoreHR Standard Support Policy CoreHR offers a 99.5% availability.
With CoreHR Premium Support Policy CoreHR offers a 99.9% availability.
Service levels are included within the support policy.
|Approach to resilience||The CoreHR Hosted Application is deployed within the BT Ireland Citywest Tier III Data Centre. It resides in what is termed as a shared managed Infrastructure. With the CoreHR solution resides within its own managed VLAN configuration, the service is comprised of bandwidth from three upstream providers with full transit resilience with an aggregate bandwidth of over 5Gbps. All three upstream providers are provided over diverse and fully resilient fibre networks which are in turn linked to both public and private peering points. The providers currently serving the data centre are BT Net, BT Global and Global Crossing hence we are not reliant on any single provider. For example, if all BT networks were to fail, the BT data centre IP network would continue to operate through our connectivity to Global Crossing. BT's IP network is designed to never run over 50% capacity. Outlined in the schematic below is the meshed IP network.|
|Outage reporting||Email Alerts|
Identity and authentication
|User authentication needed||Yes|
|User authentication||2-factor authentication|
|Access restrictions in management interfaces and support channels||
CoreHR has an Access Control Policy as part of our Information Security Policies. The policy takes into account business and security requirements, is reviewed and approved by management and is communicated to all staff.
As part of the policy, asset owners determine the appropriate access controls, rights and restrictions appropriate. Physical and logical and network access controls are considered together with the information classification level of the asset. Access rights are allocated on the principle of “least privilege” so the user only has access to those systems that are necessary for their role.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||Between 1 month and 6 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Certification Europe|
|ISO/IEC 27001 accreditation date||25/01/2016|
|What the ISO/IEC 27001 doesn’t cover||N/A|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials Certification|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
CoreHR has an Information Security Policy which is approved by management, this is an element of the wider Information Security Management System against which the Organisation has been ISO 27001 Certified.
The policy is owned and published by the Chief Information Security Officer. It sets out the organisation's approach to security, the commitment from the senior management team and the specific security policies of the company.
The Information Security Policy is updated regularly, is published on our the corporate sharepoint and staff receive training on the policy during induction training and refresher trainng on a twice yearly basis.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||No changes are made to a customer environment without their request/approval. The only team within Core with the level of access required to introduce a software release to a customer environment is the DBA team. This request would need to come from the customer via the CoreHR support organisation. A Change control policy is in place and forms part of the organisations ISO 27001 certified ISMS this policy sits at an overaching organisational level and has additional Change Control policies as applicable at a per Busienss Unit level.|
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
Vulnerability scans are completed in conjunction with our Datacenter partners-BT
Technical Vulnerability management within CoreHR is undertaken by the Information Security team. For example, the IT Manager has responsibility for assessing technical vulnerabilities with PCs, local networks and ensuring appropriate measures in place.
Risks to assets are assessed on an ongoing basis via CoreHR’s technical functions or via suppliers such as Oracles, McAfee, etc. Urgent or critical vulnerabilities or threats are addressed as a matter of urgency. Systems are high risk are addressed first. A risk assessment is also conducted on all assets as part of annual asset review
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||Monitoring is carried out of all database activity including use of tools such as Oracle Enterprise Manager and Audit Vault auditing functionality. This monitors and records in logs selected / defined user database actions. Core security monitoring mechanisms trigger auditing when someone accesses or alters specified objects in an Oracle database, including the contents within a specified object.|
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||CoreHR has an Incident Response Procedure which outlines how an incident should be handled and reported. This procedure forms part of the organisations ISO 27001 certified ISMS. The IS policy also highlights to employees how suspicious activity can be reported.|
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£1.75 to £3.25 per unit per month|
|Discount for educational organisations||Yes|
|Free trial available||No|