Kainos Worksmart Limited

Smart - Automated Workday Testing and Supporting Services

'Kainos Smart' is a cloud-based automated testing platform built exclusively for testing Workday. This unique product makes it easy for non-technical users to create repeatable automated tests for the HCM, Recruitment, Security, Financials and Payroll modules, and is what Workday use to test their deployment. Kainos is also a Workday Certified Implementation Partner.

Features

  • Covers HCM, Payroll & Financials business process, Security configuration and Integration testing
  • Allows automated execution and verification of test cases against a specific Workday configuration
  • Test automation is pre-built and continually maintained by Kainos against the latest Workday version
  • Proven testing methodologies for HCM, Payroll, Security and Financials
  • Scheduling of concurrent test execution on multiple tenants, enabling a high volume of test execution
  • Reporting capability that consolidates results from multiple test runs
  • Troubleshoot test failures at a glance with screenshots that show the failure location/error message
  • Secure storage location to share documents and data
  • Complete toolkit to assist with the creation of test data
  • API that enables integration with ALM and CI tools

Benefits

  • Tests the security of your Workday population, and monitors and reports on change
  • Full end-to-end testing of business-critical transactions, improving test coverage/quality
  • Reduces testing effort, timescales and costs during implementation and ongoing regression testing
  • On average, customers see a 40% reduction in implementation time using Kainos Smart
  • Reduces overall testing and maintenance burden on your SMEs
  • Frees up staff time to take advantage of and adopt new Workday features
  • Improves auditability of testing by producing transparent, concise audit evidence
  • Reduces risk in Workday implementations and ongoing BAU changes
  • Flexible service offering covering Test Advisory, Change Management, AMS, Phase-X
  • Kainos are the only Partner to implement Workday into the UK public sector to date

Pricing

£21000 per licence per year

  • Education pricing available

Framework

G-Cloud 11

Service ID

165693956518010

Contact

Kainos Worksmart Limited

Ruairi Digby

02890571100

presales@kainos.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Only web browser access is required. The following versions and above are supported:

• Internet Explorer: Version 11
• Firefox: Current Version
• Chrome: Current Version
• Safari: Current Version
• Edge: Current Version

The Workday Preview window occurs biannually, during which we guarantee Week 1 support for Integration and Security testing, and full support for BP testing from Week 2 onwards.

Planned maintenance releases occur on Saturday mornings to coincide with Workday releases, though these are predominantly zero-downtime deployments. If a planned outage is required, this will be communicated in advance and a Smart maintenance page will appear.
System requirements
  • Browser: IE8, IE9, Microsoft Edge, Firefox, Chrome, Safari 9+
  • Spreadsheet editor capable of reading and saving .xls format
  • Workday (Smart is an automated testing product for Workday)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Kainos provides a named Engagement Manager who will be the AMS owner. Customers receive access to the Kainos Incident Management System. This allows for tracking of all tickets raised, to ensure that Kainos meets its SLA commitments and allows for an easy to use web interface where the details of all engagements can be viewed and tracked, and reported, more easily. Target response times are based on priority - Critical (1 hour), High (2 hours), Medium (4 hours), Low (1 day), Query (2 days). Service hours are 9am-5pm GMT, excluding UK public holidays. Optional out of hours support also available.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
As per our SLA one level of support will be agreed at the time of contracting.

This support cost is included as part of the subscription service cost so there is no additional charge.

We provide a dedicated Service Manager who has overall responsibility for day-to-day support. The Service Manager will liaise with our Development Operations team (Cloud Service) as required, e.g. if server maintenance is required. In addition, we will hold regular calls with key stakeholders from the customer side via our Customer Success Manager to discuss account management queries.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Associated with the Kainos Smart product is a suite of implementation services delivered by our expert team of Workday certified consultants in line with our industry best practice methodologies. All Kainos Smart implementations are tailored to suit the specific requirements and timelines of the customer and typically cover the following objectives:

- Kick off - the Kainos team provision your Smart tenant including connectivity to your Workday tenants.

- Plan stage - a series of collaborative meetings to agree implementation plan (timelines), agree & qualify the success objectives, identify test pack requirements and establish governance procedures.

- Delivery stage - Kainos build and deliver the Kainos Smart test packs as agreed with the customer during the plan stage.

- Knowledge transfer & training - onsite knowledge transfer workshop to complete handover of test packs and user documentation to ensure the customer team are self-sufficient going forward.

- Support – transfer to the Kainos Smart support team and assignment of Customer Success Manager to ensure customer continues to realise benefits for remainder of subscription term.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
Kainos will retain Customer Data for a period of 5 years from data entry: Customer Data will only be available via the Smart tenant web application for 2 years from data entry and thereafter will be archived and retrievable upon Customer request.

Data can be exported unaided by the customer from Kainos Smart in the 2 year period after data entry using the export functionality within the product that allows export of test run results to .csv and .pdf file formats and export of the test data templates that contain the executable customer specific test cases to .xls format.
End-of-contract process
Included in the contract is access to the applicable Kainos Smart modules for the duration of the subscription term:

- HCM & Integrations
- Security
- Financials & Integrations

Also included is the selected amount of Kainos Smart implementation services delivered by our expert team of Workday certified consultants. At a minimum the implementation services cover two primary deliverables:

1. The creation of initial test packs containing approximately 2000 test cases covering a range of Business Processes, Security and Integrations.

2. Knowledge transfer to the customer team of the Kainos delivered test packs, and on-site training on the Kainos Smart product.

Ongoing support in line with our SLA is also included in the contract.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
No
Service interface
Yes
Description of service interface
Kainos Smart is a SaaS browser-based application. Users can configure test scripts to run via the browser and can set the frequency of execution, view results and rectify issues identified via the browser.
Accessibility standards
None or don’t know
Description of accessibility
TBC
Accessibility testing
TBC
API
Yes
What users can and can't do using the API
Smart has a REST API, the main purpose of which is to allow customers to orchestrate tests from an enterprise ALM (Application Lifecycle Management) tool or CI (Continuous Integration) tool. When using Smart in this way, tests must still be created via the Smart API. However, once tests have been created they can be executed and re-executed from a 3rd party tool, with the 3rd party tool also able to retrieve full detailed results via the API.

The API does not allow users to create or modify test cases.
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
No

Scaling

Independence of resources
Kainos Smart has auto-scaling configured to enable it to handle peaks in customer usage. The auto-scaling is designed to ensure that the infrastructure resources automatically scale to handle demand from all customers. The system is capable of processing tens of thousands of tests an hour. Kainos Smart uses Amazon Web Services Auto Scaling Groups.

Analytics

Service usage metrics
Yes
Metrics types
We provide a breakdown of Usage per month, this includes:

– number of tests run by month
– number of tests run by test type
– uptime metrics
– Support ticket response metrics
Reporting types
Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be exported from Kainos Smart at any stage during the subscription term by the customer.

There is export functionality within the product that allows export of results to .csv and .pdf file formats. There is also functionality to export the data templates that contain the executable customer-specific test cases to .xls format.
Data export formats
  • CSV
  • Other
Other data export formats
PDF
Data import formats
Other
Other data import formats
XLS

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Unplanned outage:
Uptime SLA 99.5%*

* Based on 7 days x 24 hours per calendar month (exclusive of planned outage), this equates to 3 hours, 36 minutes per calendar month or 1 day, 19 hours and 48 minutes per year of unplanned outage.

Planned outage:
10 hours per month scheduled downtime (on 24 hours’ notice, to Customer, via email, of planned outages). The Subscription Services:

- may experience scheduled downtime of up to 10 hours per month for service updates;
- shall be available no later than 24 hours after each Workday update.
- updates will be aligned where possible with the Workday planned outage schedule.

Disaster Recovery:
Kainos targets a recovery time objective (the timeframe within which Kainos aims to have the Subscription Services restored) (an “RTO”) of 12 hours following an agreed Category A (Critical) incident occurring, measured from the time the Subscription Services becomes unavailable until it is available again. Kainos targets a recovery point objective (the maximum amount of transactional data that could be lost) (an “RPO”) of 24 hours. The RTO and RPO are target times only.

Due to the low price point of the product Kainos do not offer service credits or refunds.
Approach to resilience
Kainos Smart leverages Amazon Web Services Auto Scaling Groups for all its servers. Auto Scaling Groups are configured to use three independent Availability Zones in each region. Each of the availability zones has a separate data centre with its own independent power and network supplier.

Should there be a service disruption in one of the availability zones, Amazon Web Services will automatically switch to the other ones. The Kainos Smart application will route all requests automatically to redundant servers. Further, all Kainos Smart databases (PostgreSQL, Oracle, and Redis) leverage multi-zone deployments. In addition, Kainos Smart has enabled automatic daily database snapshots for its databases. The database snapshots are automatically copied to an Amazon Web Services secondary region and a Rackspace data centre (secondary cloud provider). Files stored in Kainos Smart are stored in the Amazon Web Services S3 service with live bi-directional cross-region replication. Further, all files are also stored in the Rackspace CloudFiles service.

Availability SLA: 99.5% (unplanned outages)

Due to the low price point of the product Kainos do not offer service credits or refunds.

For more information on the SLA please refer to section “Guaranteed availability”.
Outage reporting
We report both planned and unplanned outages by email alert.

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
Access restrictions in management interfaces and support channels
Kainos Smart provides a separate Smart Management console that is only available to Kainos professional services and support staff to modify configuration parameters of customer’s Smart Tenants. Customer data is not available through this Management Console.

Access is restricted to the Kainos network and VPN. Users are authenticated using Username and Password.

Sensitive functionality within the console is controlled via 4 eyes policy workflows, preventing individual users from performing critical actions.

Kainos access to Customer Smart tenants is controlled by each customer via their Smart tenant including IP restrictions and account auto-expiry rules.
Access restriction testing frequency
At least every 6 months
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
12/03/2017
What the ISO/IEC 27001 doesn’t cover
Outsourcing is out of scope.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Kainos has been assessed for SOC2 Type 2 compliance by EY.
Information security policies and processes
Kainos has implemented information security policies based on compliance with:

- ISO27001 - policies include: asset management, human resources, cryptography, access control, physical and environmental, systems development and testing, compliance, communications, data protection/privacy and incident management.

- SOC2 Type 2 - focusing on Security Trust Principles

These information security policies are audited and certified by the British Standards Institution (BSI) against the ISO27001:2013 standard. Audits happen bi-annually.

Kainos has been assessed for SOC2 Type 2 compliance by EY. SOC2 audits occur annually.

New staff are required to confirm their understanding of all security policies. Annual security awareness training ensures staff are fully aware of processes. Training is administered through a digital online system to ensure completion by all staff.

In addition to 3rd party audits, regular internal audits are performed on our information security controls.

In terms of reporting structure, we have a Chief Information Officer reported into by an InfoSec Management Team, Security Practice and a number of Business Unit Security Officers. The InfoSec Management Team is reported into by a Corporate InfoSec Officer, an IT Systems Security Manager, a number of Systems Security Representatives and a Facilities Security Officer.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Customers log issues and change requests via the support portal.

Application defects and new features are logged in JIRA. JIRA tickets follow strict workflow statuses from appraisal through to testing, ensuring segregation of duties with approval steps at each stage.

Security is considered at all stages of the ticket workflow. Developers and testers focus on OWASP standards. All code changes are peer-reviewed.

Automated security testing uses tools including Arachni, Nessus, ZAP, the w3af scanner and Burp Suite.

3rd party penetration and vulnerability scans take place bi-annually.

Our software stack and environment builds are managed by Puppet and AWS CloudFormation services.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
The platform team performs Linux, AWS, and HTTPS scans of our application daily.

Weekly, the Smart application is scanned for vulnerabilities, using OWASP tools that utilise the NIST NVD.

Production environments have auto-attend patch updates configured, meaning latest patches are applied automatically.

Any identified vulnerabilities are reviewed by the security team. Vulnerabilities that have the potential to compromise customer data, with a high risk of exploitation, will be classified as critical.

Bi-annually, Kainos uses a 3rd party information security company (CESG and CHECK approved) to perform vulnerability and penetration testing of Smart.

Kainos aim to resolve critical vulnerabilities within 24 hours.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Trend Micro IDS and IPS is configured on the Smart production environment, performing the following checks: malware, log inspection, web reputation, and file, process and port integrity.

A Web Application Firewall is deployed with checks including HTTP Protection, Real-time Blacklist Lookups, Web-based Malware Detection, HTTP DDOS, Common Web Attacks Protection, Automation Detection, Trojan Protection, Identification of Application Defects, and Error Detection and Hiding.

Elastic Stack is configured for log aggregation and real-time alerting.

Any potential compromise is reviewed by our security team to understand the extent of the compromise.

Kainos aim to respond to incidents immediately, with notification to customers of suspected compromise within 24 hours.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
a) Customer contacts Kainos with incident by phone, email or online ticketing system.
b) Incident is triaged by assigned Support Engineer and if possible resolution identified, actioned and communicated back to the customer.
c) If additional assistance is required, incident is raised with specialist Kainos Smart technical teams.
d) Once a resolution has been found, incident ticket will be updated with details of when the fix will be released.
e) Once the issue has been resolved, the support engineer follows up with the customer to ensure they are satisfied with the result.
f) Incident ticket will be closed.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£21000 per licence per year
Discount for educational organisations
Yes
Free trial available
No
