Ancoris Limited

Appogee Leave

Appogee Leave is an online leave management for employee absence tracking for holiday and sickness which integrates with calendars including Microsoft Outlook and Google Calendar


  • Staff can submit requests for managers to approve absence requests.
  • Self Service Staff can edit their own profile
  • Security Roles, controlled securely through User, Manager, HR and Admin
  • Leave, Sickness Management, provide absence management for holidays, sickness
  • On-Demand Reporting, Create, filter, save and schedule HR Records Management
  • Securely Hosted 99.95% uptime SLA, supports GDPR compliance
  • Integrates with Google G-Suite and Microsoft Office 365


  • Report on all Employee information.
  • Self Service - saves time, accurate
  • Security Roles - controls access to data.
  • Centralised Information, Giving you easy visibility of each employee
  • Request and approval system with visibility of absences.
  • Customisable reporting, accurate, meaningful and up-to-date reports in an instant.
  • Securely Hosted, Know your data is secure on Appogee HR.


£0.5 to £1 per user per month

Service documents


G-Cloud 11

Service ID

2 8 3 3 5 3 1 4 4 9 2 5 8 4 9


Ancoris Limited

David McLeman|Phil Jordan|Trevor Cook

+44 (0) 8452626745

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No
System requirements Accessible by any modern browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We aim to respond within 4 business hours
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Text only chat supported
Web chat accessibility testing None
Onsite support Yes, at extra cost
Support levels We provide searchable community forums, an area to suggest new features and tutorial articles for each of our products. We also provide a formal helpdesk so if users can’t find the answer they want in the forum, simply submit a ticket to the helpdesk.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Start-up wizard and documentation, email support
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Customers can export data within 2 weeks of service expiry
End-of-contract process Customers can export data, advised to complete before service expiry. Data is deleted 60 days after service end.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Responsive design for tablets and desktop.
Service interface No
What users can and can't do using the API At extra cost - provides the ability to script create, read, update, delete
access to users, teams and configuration data.
API documentation Yes
API documentation formats HTML
API sandbox or test environment No
Customisation available Yes
Description of customisation Access permissions, leave types, sickness types, public holidays,
teams, approval workflow, colours and company logo are all
configurable by users with the appropriate permissions.


Independence of resources Developed on highly scalable PAAS. Already supporting 100s of customers


Service usage metrics Yes
Metrics types Active user counts, Management reports, Leave requests etc.
Reporting types Real-time dashboards


Supplier type Reseller providing extra support
Organisation whose services are being resold Appogee HR Limited

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach UI provides ability to download via browser
Data export formats
  • CSV
  • ODF
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 99% in any month - SLA at
Approach to resilience Our delivery platform auto scales up to handle peak workloads. Data Centre provider can automatically fail over service to alternate data centres seamlessly to clients. Daily backups are taken to support emergency restoration in the unlikely event of some catastrophe.
Outage reporting Data centre outages are reported on a publicly accessible portal. Service disruption notifications which are planned are notified by email in advance. Unplanned service outages are notified publicly via our Twitter account.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Identity federation with existing provider (for example Google Apps)
Access restrictions in management interfaces and support channels Client's choice of G Suite or Microsoft Single Sign On via OAuth or via Username/Password
Access restriction testing frequency At least every 6 months
Management access authentication Identity federation with existing provider (for example Google Apps)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Data-enter and PaaS supplier certified by EY CertifyPoint
ISO/IEC 27001 accreditation date 13/04/18
What the ISO/IEC 27001 doesn’t cover Data-center and PaaS supplier certified to ISO/IEC 27001. Other elements which are covered by Appogee HR's Cyber Essentials Plus accreditation
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Outsourced via Worldpay
PCI DSS accreditation date 01/05/2018
What the PCI DSS doesn’t cover N/a
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Appogee HR is certified to Cyber Essentials plus and our Data Center Hosting and Platform provider is certified to ISO 27001, SSAE16 / ISAE 3402 Type II: SOC 3, ISO 27017 Cloud Security, ISO 27018 Cloud Privacy
Information security policies and processes Appogee HR Information Security Policy, Appogee HR Business Continuity Plan

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All changes documented in code repository. Auto-published for automated unit and system tests. Supplemented by ad-hoc testing. Sign off for production system which can run multiple concurrent versions. When new version validated it is pushed to all clients. Emergency fixes override this on management authority, post reviewed by Operations Team.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Our data centre provider has large Information Security Team including experts in information, application, and network security. They are maintain defense systems, security review processes, build infrastructure and implement policies. We also run independent vulnerability scans on a monthly basis which delivers an actionable report where it has findings.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach This involves our data centre provider tightly controlling the size and make-up of their attack surface through preventative measures, employing intelligent detection controls at data entry points, and employing technologies that automatically remedy certain dangerous situations.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Our Data Centre's program is structured around the NIST guidance on handling incidents (NIST SP 800–61). Key staff are trained in forensics and handling evidence in preparation for an event, including the use of third-party and proprietary tools. Testing of incident response plans is performed for key areas. These tests take into consideration a variety of scenarios, including insider threats and software vulnerabilities.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £0.5 to £1 per user per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial 14 day free trial
Link to free trial

Service documents

Return to top ↑