Zellis UK Limited

ResourceLink

ResourceLink is the UK & Ireland’s leading integrated payroll and HR software. Award-winning software function-rich can be configured to meet the most complex and exacting requirements. It easily integrates with your existing systems and offers powerful reporting and analytical capabilities and user-friendly self-service interfaces. In addition, we offer Job Evaluation.

Features

  • Supports payroll, expenses, P11D, pension auto-enrolment, leave and absence
  • Quickly and reliably processes large and complex payrolls
  • Supports onboarding, performance management, learning & development tracking, succession planning
  • Time and attendance module supports multiple schedules, rotas and shifts
  • Pensions capability that works across all sectors
  • Regular updates, driven by customer experience and market trends
  • User-friendly any device access 24/7 for tracking, analysis and reporting
  • 200+ standard reports and/or build custom reports using real-time data
  • Powerful workflow-driven processes and query management with user-friendly dashboards
  • ISO 27001 certification for data and information security

Benefits

  • Accurate, reliable payroll readily configured to your exact requirements
  • Legislative and regulatory compliance with pro-active advanced planning for changes
  • Supports public sector government returns and survey requirements
  • Accurate, faster pay reviews from centralised pay and reward data
  • Single data source providing integrity and reduced risk of fraud
  • Comprehensive, accurate, real-time information, enabling evidence-based decisions
  • Controlled, automated and streamlined processes driving efficiency and cost reduction
  • Enhanced employee engagement, driving productivity and retention
  • Ability to integrate employee benefits, communications, recognition and wellbeing software
  • Flexibility to re-configure provides enhanced future-proofing capabilities

Pricing

£1.05 a person a month

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidsupport@zellis.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

1 3 9 2 0 1 2 4 8 1 9 7 8 7 3

Contact

Zellis UK Limited Tony Parncutt
Telephone: 0800 0420315
Email: bidsupport@zellis.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
None.
System requirements
Customer to provision suitable firewall-router to initiate IPSec VPN

User support

Email or online ticketing support
Email or online ticketing
Support response times
Online support is provided as standard. Phone support is chargeable extra, Support hours are 9-5:30 Monday to Friday excluding bank holidays.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Web Chat (LiveChat is accessible via the Zellis Support portal.)
Web chat accessibility testing
N/A
Onsite support
Yes, at extra cost
Support levels
Support is available via the Zellis Support Portal 24/7 allowing users access to raise tickets. Customer are provide with a dedicated Zellis Account Manager and Zellis IT Customer Manager to help support with technical difficulties. In addition to our standard support offering we offer a further level with SLA (Assist) as detailed in our Cloud Software brochure.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
During due diligence we will work with the Buyer will provide a number of standard ResourceLink course as appropriate to the modules purchased. In addition we will conduct a training needs analysis which will enable us to identify with the Buyer additional training which may be required.

Training is provided onsite, online and at Zellis office and training manual is provided for each class-room training session for the attending Buyer employee to work through during the course and to take with them.
Service documentation
No
End-of-contract data extraction
Upon contract termination, data will be returned to the customer in a contractually agreed format in whole, or destroyed in line with GDPR requirements.
End-of-contract process
A mutually agreed exit plan is implemented, providing continued Account Management, support and maintenance until the contract ends or as otherwise agreed.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
No difference however responsive design will re-size the screen depending on the device being used.
Service interface
No
API
Yes
What users can and can't do using the API
Outbound services ResourceLink will advise for starters, leavers and changes. Inbound services via new employees will be created.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
ResourceLink accommodates a considerable degree of configuration to meet buyer requirements.

Branding facilities can be provided to allow buyer to customise your self-service portal to get the look and feel if your own organisation. The branding pack allows you to amend style sheets, to customise images, logos, fonts and colours in line with existing intranet, internet and portal website styling.

ResourceLink has also been designed and developed in close consultation with the independent Customer User Group and Zellis continuously work with customer feedback from our Extranet site to enhance efficiency, intuitive data input and process flows and simple navigation. ResourceLink provides the System Administrator with the ability to customise the system in line with business requirements and tables and parameter files can be defined and maintained to configure ResourceLink in line with Buyer policies and procedures to meet the needs of different types of users.

All configurations are then protected on an on-going basis even following system upgrades, as these user changes form part of the database and not the software.

Scaling

Independence of resources
Peak demands are smoothed using dynamic resource re-allocation and load balancing capabilities within the infrastructure. Each virtual server has a variable allocation of CPU which may be flexed dynamically so if a virtual server is quiet it can donate resources to to others and return them.
Resilient content switches load reverse proxy service to direct to the delivery tier to provide the application.
Baseline specifications for each virtual server reflect actual usage and storage pools have reserves based on real usage statistics.

Analytics

Service usage metrics
Yes
Metrics types
Application performance (response times, throughput, network times etc);
Status of application servers and databases;
Resources used (memory, CPU etc)
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data is exported using ResourceLink reporting and analytic tool.
Data export formats
  • CSV
  • Other
Other data export formats
  • XLS
  • XML
  • PDF
  • HTML
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
Other
Other protection within supplier network
A secure and resilient network ecosystem is part of the UK-based SaaS infrastructure. This multi-layer network is protected in a zoned arrangement using a combination of firewalls, switches and routers from industry standard suppliers. Dual resilience is in-built ensuring no single points of failure. Separate network routing for non-VPN Internet connections that will terminate onto load balanced F5 Content switches which in turn load balances an Apache Reverse Proxy farm specifically for both private and public-facing services. This will then direct traffic to the customer’s dedicated MyView Self-Service instances and thereafter to the customer's dedicated Live and UAT database instances.

Availability and resilience

Guaranteed availability
The SaaS-based systems are generally available for on-line use 24 hours per day, 7 days per week, excluding certain times during which housekeeping and other operational activities take place, e.g. upgrades to the SaaS infrastructure, database export routines etc.

Zellis will commit to 99% availability during the Core Service Availability Period which is 08:00-18:00 on UK working days.
Approach to resilience
Dual Data Centres with write consistent data replication between them, resilient Power 365x24 backed-up with UPS&Generators, equipment racks have resilient power feeds&appliances&enclosures have dual power supplies to these independent feeds
Internet provisioning is fully diverse with fibre routes into the Data Centre&PoPs, Internet appliances and firewalls are all stacked configurations, LAN Switches are all stacked, Oracle 12c RDBMS with advanced recovery capabilities, SAN Storage System is fully resilient with Dual Controllers, SAN fabric is an industry standard Dual Fabric design, multiple SAN Switches are used to support the Dual Fabric design, load balanced environment & dynamic resource allocation features, dual VIOS Server design and each service has a dual route via both VIOS servers for IO (e.g. multi-path). All the services are tested as functionally running on a single VIOS Server and thereby mitigating fibre/Ethernet card failures within that VIOS server
All the services are tested to the application level of Logical Partition (LPAR) Mobility to a second Power Server platform (n+1), no local drives in the server for the service, fibre & Ethernet cards are hot swap on failure, with redundancy, capacity planning is done on an n+1 basis to ensure capacity is available if there was a failure.
Outage reporting
Any outages and other service-related information is shared via email to previously nominated users.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
The Zellis SaaS environment is logically isolated from the Zellis corporate network and access to customer data within Zellis is only granted where a legitimate business need is identified.

Access by privileged users of the SaaS environment is controlled via a Bastion Host infrastructure. This consists of a number of technologies including Terminal Services, file and proxy servers as well as two factor authentication using RSA keys. This Data Leakage Prevention technique ensures that data cannot be removed from the data centres by privileged users.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
24/07/2018
What the ISO/IEC 27001 doesn’t cover
N/A.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Zellis' Information Security Management System (ISMS) ensures the effective management of risks to information and information systems utilising appropriate and proportional technical and organisational measures.

A set of framework articles summarise measures, to assure Zellis customers and interested parties that the information entrusted to Zellis is appropriately secured, and to demonstrate Zellis’ compliance with applicable legal, legislative and regulatory requirements.

The Zellis Information Security Framework comprises of 8 security domains: Access & Identity Management, Cyber Security, Data Security & Information Lifecycle, Governance, Risk & Compliance, Human Resource Security, Operations Security, Physical Security and System & Software Development Security.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We have a defined Quality Assurance procedure and carries out rigorous testing of new releases and upgrades within this context.

Functionality is tested in isolation, in conjunction with the system as a whole and by regression. We run Beta Test programs for all our releases and encourage customers to participate as and when appropriate.

All software changes made by our development or bespoke teams are tracked by a version control system and changes are made against a specified numbering system.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Quarterly vulnerability scans are carried out on infrastructure. Bi-annual penetration tests are carried out by an independent third-party consultancy who are CREST members.

IDS is enabled at Primary and Secondary data centres. IDS modules are enabled on firewall devices and separate IDS (deep inspection) appliances monitor the Internet perimeter and the MPLS (Wan) circuits. Web traffic passes through additional load balancing appliances, providing additional security.

All log traffic is sent to Zellis SIEM servers for analysis. Deep packet inspection and analysis is combined with threat analysis and sand-boxing to identify, report and mitigate threats.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Logs from servers, network devices and database are copied to Zellis' Security Information and Event Management (SIEM) system and analysed by qualified Security Operations Centre (SOC) personnel for abnormal activity that may represent an Indicator of Compromise (IoC). Alerts are correlated and investigated by the SOC to determine if they are genuine IoCs. Documented response plans are in place for timely escalation and response to IoCs. The SOC operates on a 24/7/365 basis.
Incident management type
Supplier-defined controls
Incident management approach
We use an ITIL model across our support area. We continually analyse the incoming tickets and categories and where trends are identified an ITIL Problem process is adopted through to route cause analysis and resolution. Priority 1 issues are reviewed through the problem process for route cause analysis.

Incidents are reported are reported via the Zellis Support portal and incident reports are made available to the Buyer via the same system.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£1.05 a person a month
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidsupport@zellis.com. Tell them what format you need. It will help if you say what assistive technology you use.