Bramble Hub Limited

Bramble Hub Quinyx - Quinyx Workforce Management

Quinyx’s Workforce management software suite will solve the headaches associated with the scheduling, time and attendance, task management and forecast planning of your staff. It will give you the freedom to control your workforce from anywhere, at any time while becoming more productive and more efficient.


  • Scheduling, e-rostering, rota, workforce shift creation
  • Communication, absence management, shift updates and swapping. mobile
  • Time, time and attendance, realised hours, attest timesheet
  • Mobile, tablet, computer, anytime, anywhere
  • Budget, budget variables, cost control, optimised scheduling
  • Forecast, optimised scheduling, external software integration
  • Insights, real-time analytics, dashboards, management information
  • Manage time punch, time clock
  • Customer and Orders, individual service fund


  • Right person, right place, right time, right skills, right attitude
  • Ensure critical tasks are completed according to schedule
  • Ensure correct hours are worked and reported accurately to payroll
  • Easy access with mobile apps
  • Ensure staff rosters are in budget, view staffing costs
  • Forecast future demand to optimise schedule and budgets
  • Engage employees, reduce time with shift changes, reduce staffing errors
  • Increase flexibility with mobile workforces
  • Easily record shift start and finishes
  • Service user agreements, individual service funds, align resources, ISF


£2.50 per user per month

Service documents


G-Cloud 11

Service ID

3 5 4 4 2 1 3 2 6 2 9 1 6 9 8


Bramble Hub Limited

Roland Cunningham

+44 (0) 2077350030

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
Users must have access to the web from either mobile device or desktop. The service is not limited to a fixed IP, users need to allow access to *
System requirements
Internet Connection

User support

Email or online ticketing support
Email or online ticketing
Support response times
The support team has an average waiting time of 90 seconds when calling in. The average waiting time via portal/mail is 08h45min (2018)
User can manage status and priority of support tickets
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
Quinyx support levels are found and explained in our general SLA (Terms of Service). All support levels are included in the service fee. The Quinyx support team has a high degree of application knowledge as well as and general IT knowledge. Around 90% of all support tickets are solved within support without any need of escalation.
Support available to third parties

Onboarding and offboarding

Getting started
Quinyx will project manage the implementation and training of key individuals (Superusers) who will then provide training to your staff. eLearning (web based learning curriculum) is available to train and re-train staff. Quinyx support will take over once both customer and Quinyx agree that the implementation of Quinyx is up and running and the customer has enough knowledge to manage their instance of Quinyx moving forward.
Service documentation
Documentation formats
End-of-contract data extraction
Manual exports or data extraction via the API are available to users. Post contract, if access to Quinyx is no longer enabled, users may request an export of their data.
End-of-contract process
Service subscription can be renewed through GCloud at the end of the contract.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Quinyx mobile app offers functionality to view schedules, record time and attendance, initate communication, handle leave requests, shift bookings and submitting availability. Web versions offer more administrative detail; create a schedule, work with budgets and forecasts, approve employee times and send information to payroll, as well as manage employee data.
Service interface
Description of service interface
Quinyx offers a secure and highly redundant and flexible API through a SOAP-based Web Service interface. The Web Service security is maintained using both a customer specific API key and IP range locks per customer. All communication is encrypted over SSL. The customer may decide the frequency of the push/pull of data, and whether or not data is a full refresh or deltas only and have their internal resources or a Quinyx partner, build the interface accordingly.
Accessibility standards
None or don’t know
Description of accessibility
Quinyx is accessible from any web-connected device. There are various user interfaces that may be used including mobile apps and an HTML 5 interface that responds dynamically to the resolution and size of screen the user has logged in from. Today, this HTML 5 view is used primarily for the management of employees and existing schedules but is currently being developed further to enable full Quinyx functionality.
Accessibility testing
What users can and can't do using the API
Quinyx is generally configured by our application experts, but may be managed (data pushed/pulled) via APIs. Quinyx can share API documents with customers to outline all possibiltes. System configuration must be done via the software GUI.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
Users may select which core modules of Quinyx are enabled for them, as well as set permission levels for users that access Quinyx. Workflows may also be customised based on how customers wish to work with the software. Customisation is done within the GUI by either Quinyx or the customer.


Independence of resources
Quinyx uses stateless backend services that scale horizontally to meet customer demand to the system.


Service usage metrics
Metrics types
Quinyx can provide in-app metrics on the number of users logging in and what actions are performed as well as overviews on cost, scheduled hours, and forecasting metrics. These may be viewed as reports. Reported service availability can be viewed at and reported as availability % on monthly period.
Reporting types
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Manual exports or data extraction via the API are available to users.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • Excel 2003
  • Excel 2007+
Data import formats
  • CSV
  • Other
Other data import formats
  • Excel 2003
  • Excel 2007+

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
Other protection within supplier network
A combination between TLS (Version 1.2 or above) and no encryption (within our VPC) depending on the type of data. This is mostly service to service communication

Availability and resilience

Guaranteed availability
Service availability is guaranteed to be at least 99.5% over 24 hours 7 days a week outside planned maintenance windows, as part of our standard agreement.
Quinyx updates the platform and the product at least every 30 days and all customers are notified at least 7 days ahead of maintenance windows that might disrupt service availability.
Approach to resilience
Quinyx is hosted with Amazon Web Services using multiple Availability Zones. Every internal service is active in at least two Availability Zones and load balanced. All services can handle failure of a single zone.
Outage reporting
Reported availability can be viewed at and reported as availability % on monthly period.

Identity and authentication

User authentication needed
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Quinyx features a detailed access control list for user categories, restricting management interfaces to only those with permissions. Only verified individuals may contact Quinyx support channels. Support representatives will verify users calling into support before offering assistance.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Quinyx follows security bulletins, best practices and code review of all changes.
Application development also follows best practices, uses code reviews and developers are regularly educated on new threats. Quinyx adheres to Amazon Web Services best practices for Data Protection and Security. Amazon Web Services is also ISO27001 compliant, and Quinyx is working towards compliance in this area.
Information security policies and processes
Quinyx has signed an agreement with Amazon AWS where Amazon AWS guarantees to follow the EU Data Protection Directive (Directive 95/46/EC) (Read more at:

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Quinyx uses standardised configuration templates for all infrastructure where changes are version controlled and reviewed before being pushed to the environments. All authentication is centralised and role-based.

By using the same source of truth for security configuration across all environments, called the "global state," we ensure synced configuration and hardening across environments. A resource can't (impossible to serve traffic) be a part of production if it does not pass the "global state."
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We trigger alarms from our central logging systems to channels such as SMS, email and Slack notifications. The process for responding to potential alerts is to:
- Identify/perform risk assessment
- Reproduce
- Patch
- Test
- Release
We subscribe to CVE and Debian Security feeds. Suspected bugs are reported to support. Once verified, the bug's severity is graded according to our prioritization guidelines and logged in our issue tracker. After it has been logged, the bug is analyzed by an Incident Manager to determine in which release it should be fixed. This information is then relayed to the customer.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
The Quinyx Endpoints and DNS are protected by AWS Shield.
AWS Shield Standard provides always-on network flow monitoring which inspects incoming traffic to AWS and uses a combination of traffic signatures, anomaly algorithms and other analysis techniques to detect malicious traffic in real-time.
Always-on detection and inline mitigation minimize application downtime and there is no need to engage AWS Support to receive DDoS protection. Incidents are reported to Customer Support who will contact any customer representative potentially affected by the incident.
Incident management type
Supplier-defined controls
Incident management approach
Suspected bugs are reported to our support. If possible, they are verified directly by the first-line support representative or escalated to a second-line support representative. Once verified, the bug's severity is graded according to our prioritization guidelines and logged in our issue tracking tool. After it has been logged, the bug is analyzed by an Incident Manager to determine in which release it should be fixed. This information is then relayed to the customer. Once the bug fix has been released the customer may be notified, depending on what was decided when it was first reported- typically depending on severity.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£2.50 per user per month
Discount for educational organisations
Free trial available

Service documents

Return to top ↑