G-Cloud 11 services are suspended on Digital Marketplace

If you have an ongoing procurement on G-Cloud 11, you must complete it by 18 December 2020. Existing contracts with WorkInConfidence Limited are still valid.
WorkInConfidence Limited

WorkInConfidence:OverallPlatform

WorkInConfidence is the online employee engagement platform provider for organisations to measure employee engagement at any time with pulse, mini or full surveys, encourage suggestions and discussion of improvements with discussion boards/forums and facilitate whistleblowing and speaking up with anonymous conversation. Real time reporting gives clear actionable insights.

Features

  • One provider covering surveys, forums and anonymous speak up
  • Surveys include full employee engagement, short and pulse surveys
  • Easy to analyse changes over time
  • Mobile optimised web app accessible on desktop, phone and tablet
  • Cloud based, so no installation and highly secure
  • Ready to go “out of the box” but highly configurable
  • Admin panel gives you high level of administrative control
  • Sophisticated real time reporting gives clear management insights
  • Anti-abuse and limits on traffic from / to any person
  • Multi-Lingual capability covering Welsh and other languages

Benefits

  • One system where management or staff can initiate feedback
  • Enhances employee engagementGives the opportunity for candid feedback and communications
  • Gives the opportunity for candid feedback and communications
  • Great for idea generation and sharing
  • Covers engagement, fair treatment and governance in one place
  • Enhances understanding and reduces blind spots
  • Breaks down communications barriers and shortens feedback lines
  • Avoids the need for multiple provides/systems and multiple costs
  • Easily managed
  • Clear, actionable insights

Pricing

£0.06 to £2.00 a person a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tim@workinconfidence.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 11

Service ID

3 4 2 6 4 0 9 8 5 7 9 3 5 3 9

Contact

WorkInConfidence Limited Tim Martin
Telephone: 07768275506
Email: tim@workinconfidence.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
No
System requirements
  • Staff have internet access
  • Browser access (IE9+, Chrome, Safari, Firefox)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Initial response within 24 business hours maximum, although usually within 2 business hours.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
We provide a single level of support for all clients which includes phone and email support.

The cost of support is included within the user licence fee with the only additional costs being any site visits requested by the client.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
When a new client starts using WorkInConfidence they are allocated an account manager that works with them through the on-boarding process to ensure a successful launch. This includes providing of materials to guide them through the pre-launch process, online administration training, marketing collateral.

The client also gets access to our comprehensive online support area with resources for administrators, managers and users.

The account manager then works with the client regularly post-launch to ensure that they continue to get the best out of WorkInConfidence.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
Clients may download PDF copies of dialogues, including any manager notes.
End-of-contract process
If any organisation ceases to be a client of WorkInConfidence, we will remove all of its data and that of its staff/users within three months of their ceasing to be a client.

Alternatively, the client may choose to have a paid 12 months run off period after which the data would be deleted three moths post that.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Yes the service is mobile optimised. When accessed from a mobile device (smartphone or tablet) the pages reformat to fit the size of the device in question. Functionality is exactly the same.
Service interface
No
API
No
Customisation available
Yes
Description of customisation
The system is highly customisable so the client is in control of whether they are using it for employee/stakeholder engagement and staff feedback, idea discussion or whistleblowing, harassment and bullying.
The system allows for a number of administrators within the client who can alter settings and administer the system at any time through a web interface.
Customisation of the service is enabled in two key areas:

(1) Messaging on landing pages and inside the system; and

(2) System settings.

Key system settings which can be customised are:

(a) Whether staff anonymous dialogue is 1:1 manager, 1 to manager plus admin, 1 to all managers;

(b) What categories (topics) and management (responders) are on the system, and whether particular topics are linked to management most suitable to handle them;

(c) What reports are received;

(d) Whether forums are enabled;

(e) Whether push questions are enabled and if so for whom;

(f) Periods for reminders, suspensions (for anti-misuse);

(g) Whether staff are asked to select some area/function identifiers so patterns within the organisation can be more clearly identified;

(h) Other customisation options, such as changing the theme, are available on request and at additional cost.

Scaling

Independence of resources
The WorkInConfidence service is automatically monitored to ensure that there is always sufficient capacity to meet the needs of all clients. Any potential issues are highlighted and additional capacity can be added within 30 minutes.

Analytics

Service usage metrics
Yes
Metrics types
Administrators are able to access metrics such as:

1. number of dialogues raised by category and manager
2. dialogues raised by “pick list” - this is bespoke to each client but a pick list could be location or grade
3. dialogues open by manager, showing when the last message was responded to
4. ratings by manager on how timely and useful was the response
5. closure rates and average response times by manager
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach
All personal identifiable information and dialogues are encrypted.
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Due to the nature of the data export is not possible.
Data export formats
Other
Data import formats
  • CSV
  • Other
Other data import formats
  • XLS
  • XLSX

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We aim to be available at least 99% of the time, apart from reasonable scheduled maintenance (either outside normal business hours or up to 1 day per quarter). If we exceed this, clients are entitled to 7 days free for each day we have been down as long as they request it within 28 days of the outage.
Approach to resilience
SpeakInConfidence is hosted on Amazon's AWS infrastructure used by many large organisations. We chose to partner with Amazon because of their work in this area. More details are available from the AWS website or directly from WorkInConfidence.
Outage reporting
There is a public dashboard at: https://status.workinconfidence.com/

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
The administration areas of all clients instances of WorkInConfidence are protected via username and password. The system insists on strong passwords of greater than eight characters.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • Cyber Essentials
  • IASME Governance standard

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
IASME Governance standard
Information security policies and processes
WorkInConfidence has:
1. Clarity on what is collected, what purposes and how stored. This is clearly documented in Privacy policies and a further internal policy;
2. Technical measures to guard security and privacy. The CTO is in charge of this, and has close oversight of all aspects of the build and operations of the Company’s services. This is discussed regularly with the CEO and also in every board report there is an update, also highlighting any areas of security risk;
3. Organisational measures. All staff are required to be aware of the organisation’s security policies and processes, and are trained and are regularly updated on these. Any third parties working with us have to sign up to and adhere to these.
Any security risk is required to be notified to the CEO and COO immediately.
To support each of these the Company and has clearly documented policies and procedures, a log of who has been trained and when last updated. These include User Privacy Policy, Password Policy, Mobile Device Policy, Retention Policy, Incident Response Policy, Confidential Data Policy.
The above are reviewed and updated at least semi-annually and any key changes highlighted to the Board.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All components of the service are under configuration control (source control via git) and all changes are reviewed and tested with a view on security before being applied to the live service.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Potential threat information comes from a variety of sources such as our hosting provider for hardware and OS information, the providers of the development language and framework we use. These and other sources are used to determine the priority and the speed with which any are implement. For OS related patches these are typically applied weekly and for framework changes at the next major release unless it is considered a security risk in which case it would be hot-fixed.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Many steps are taken to ensure that the service cannot be compromised but we actively monitor the logs for unusual activity or activity from outside of known parameters.

If an anomaly is detected it is flagged up via both email and instant notification to support staff. This is then investigated immediately to see if there has been an issue and steps taken accordingly.
Incident management type
Supplier-defined controls
Incident management approach
Incidents flagged up during routine monitoring will be dealt with through company policy. User can report incidents either through our website or via our dedicated email address: security@workinconfidence.com.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£0.06 to £2.00 a person a month
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tim@workinconfidence.com. Tell them what format you need. It will help if you say what assistive technology you use.