Business Systems (UK) Ltd

Business Systems Workforce Management for Police

Workforce Management solutions (WFM) from Business Systems enables accurate scheduling, forecasting and resource planning in the contact centre and control room. With 30 years' Workforce Management experience, we offer full consultancy, project management, implementation and support services to deliver best fit, optimal Workforce Management solutions for the police.


  • Automatic scheduling tools at a multi-site, multi-skill, multichannel level
  • Powerful Workforce Management forecasting with simple workflows
  • Intraday Scheduling Management with real-time adherence tools and alerts
  • Over 25 standard Workforce Management reports and optional customised reporting
  • Integrate to people data sources including Active Directory, HR, payroll
  • Certified connectors to major CTI providers and 3rd party providers
  • Workforce Management Employee self-service tools including absence management, shift swaps
  • Competence Manager and Training Planning tools
  • Market-leading Workforce Management solutions e.g. Teleopti, NICE
  • Workforce Management know-how and experience in the police sector


  • Demonstrate a transparent return on investment (ROI)
  • Optimised scheduling for higher service levels at lowest cost
  • Accurate forecasting of demand for increased efficiency
  • Flexibility to handle the unexpected and minimise disruption
  • Proactively monitor Workforce Management activity and respond in real time
  • Hosted Workforce Management means only paying for what you need
  • New features are automatically and rapidly released, free of charge
  • Balance operational efficiency, customer service and employee satisfaction
  • Optimise training and development by replicating desirable profiles
  • Workforce Management service and solutions optimised for the police market


£19 per person per month

Service documents

G-Cloud 10


Business Systems (UK) Ltd

Julie Kerman

0208 326 8326

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Maintenance windows reserved on the 2nd Wednesday of every month for patching and cloud maintenance. 14 days’ notice is provided if this is going to occur or not. Typically, the window takes no longer than 1 hour, and is used outside of the customer’s core hours.
The hosted environment uses active replication, meaning that at any one time there are 3 instances of a customer’s environment available in 3 separate locations. Should one become unavailable the solution will automatically and seamlessly switch over to another so as to safeguard against any disruption for the customer.
System requirements
  • Modern browser with updates for agents and team leaders
  • PDF Reader or Excel for reports
  • Screen resolution: minimum 1280x1024
  • 1 Dual core x 64 6GB memory
  • Port 80 for http and 443 for https open
  • Windows 7/8/10, latest updates applied

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 98% of support phone calls are answered within 5 seconds by our Customer Service centre. They will log a case and assign the priority of the query or problem. Typically Business Systems provide technical 1st response within 20 minutes for Support related issues. Response times differ outside core business hours due to the automated routing of calls. A 24 hour facility is available where cases can also be logged 24/7 (calls are routed to the Out Of Hours Team; emails would be logged and picked up the first business day). Tailored support is also possible e.g. manned 24/7 help desk.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Onsite support
Support levels Business Systems provides five levels of support including:

1. Platinum - Full support, 24 hours a day, 365 days per year with 4 hours response (remote access is a pre requisite).

2. Gold - Full support, 0800-2000 hours a day, 365 days per year with 4 hours response (remote access is a pre requisite)

3. Silver - Standard on-site support (including telephone support), 0800-
2000 Monday-Saturday; Response time of 8 hours UK (typically 4 hours in the City of London)

4. Bronze - Basic on-site support (including telephone support), 0900-1700 Monday-Friday; Response time of 8 hours UK (typically 4 hours in the City of London)

5. Tailored Service Level based on the customer's requirements e.g. custom support hours, on-site support, technical account manager etc.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Training is provided on site and delivered by Business Systems Workforce Management Consultants with resource planning backgrounds. The training is consultative and promotes knowledge transfer through hands on exercises and relevant support e.g. building the hierarchy and schedules. Training is 'Train the Trainer' based, to enable additional training to be conducted internally.
There are typically two workshops where the customer is guided to configure the product. Go live and post deployment support is also provided as standard and should the customer need additional go-live support, additional days can be provided.
There is also an online "Wiki" that provides a wealth of material for end users. This includes context driven help, process overview, and troubleshooting guides. End users also have access to the customer portal which includes forums, FAQ's and product documentation.
Business Systems provides training material covering the main modules. These guides provide an overview of the main functionality for modules in scope.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats Online Wiki
End-of-contract data extraction Reporting, query SQL or copy/paste from end user interface. Copies of databases can be provided
End-of-contract process There are a number of options available for extraction of data at the end of the contract. A full copy of the database can be provided on request. Other options include exports of schedules and forecasts from the admin client. The reporting module can also be used to generate reports and export the data as necessary. Employee information can be exported from the people module.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The desktop service is used by administrators and includes forecasting and scheduling functions. All agent based interaction is web based. Functionality is common across desktop or mobile browsers, display scales with some change to display for mobile devices. This is optimised.
Accessibility standards None or don’t know
Description of accessibility The web interfaces are designed to be accesible from multiple browsers and devices.
Accessibility testing None
What users can and can't do using the API The API functions are comprehensive. Many user, schedule and forecast based actions can be executed using the API. It is the main interface for integrations with 3rd party applications.
API documentation Yes
API documentation formats Other
API sandbox or test environment No
Customisation available No


Independence of resources Segregation of customer services in Azure DC


Service usage metrics Yes
Metrics types Max agents used/month, Service Uptime
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Other
Other data at rest protection approach We ensure that the databases and repositories containing the customer’s data are protected from unauthorized access by using appropriate authorization controls. All data is SSL encrypted while in transit.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Reporting, query SQL or copy/paste from end user interface. Copies of databases can be provided
Data export formats Other
Other data export formats
  • Word
  • SQL
  • PDF
  • XLSX
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks We ensure that all external entry points to network segments containing the customer’s data have restricted access controls in place and include at a minimum the following: External network perimeters shall be hardened and configured to protect against unauthorized traffic; All external connections shall terminate in a DMZ and connections recorded in an event log; Inbound and outbound points shall be protected at a minimum using firewalls and intrusion detection systems (IDS), and if possible include intrusion prevention systems (IPS), to prevent unauthorized activity; Web and application servers shall be separated from the corresponding database servers by means of firewalls.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network The customer’s data is only stored and processed in Manufacturer's operations and in the operations of Microsoft Corporation. The customer’s data may not be stored on, or processed in or transferred to private devices, such as personal computers, mobile units (including smartphones) and external storage media (e.g. USB memory sticks).

Availability and resilience

Availability and resilience
Guaranteed availability The hosting service offers a guaranteed uptime of 99.6%, excluding any planned maintenance within the Operational Time, scheduled and agreed downtime, and the occurrence of any Force Majeure Event.
Approach to resilience The application runs in Microsoft Azure, which provides our customers with excellent business continuity. From a data point of view, this includes a built-in high availability subsystem that protects databases from failures of individual servers and devices in a datacentre.
Azure SQL Database maintains multiple copies of all data in different physical nodes located across fully independent physical sub-systems to mitigate outages due to failures of individual server components, such as hard drives, network interface adapters, or even entire servers.
At any one time, three database replicas are running—one primary replica and two or more secondary replicas. Data is written to the primary and one secondary replica using a quorum based commit scheme before the transaction is considered committed.
If the hardware fails on the primary replica, Azure SQL Database detects the failure and fails over to the secondary replica. In case of a physical loss of a replica, a new replica is automatically created. So there are always at minimum two physical, transactionally consistent copies of our customers’ data in the datacentre.
Outage reporting This is achieved via Microsoft tools

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication Users may authenticate through username (email address format) and password. Password complexity controls may be set. Alternatively SSO can be used with a 3rd party identity provider
Access restrictions in management interfaces and support channels Customer controls, user accounts and role configuration. There is full granularity in user role configuration.

Each role is associated with application functions (screens or features within screens) and with a set of teams from the organisational structure. The users of the system can belong to one or more roles.
There is a set of detailed Global Functions which regulate exactly what a user may or may not do, such as make changes to absences, or see unpublished schedules.
Access restriction testing frequency Never
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 UKAS
ISO/IEC 27001 accreditation date In the process of migrating to UKAS accredited Certificate due September 2017
What the ISO/IEC 27001 doesn’t cover All operational areas are covered.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials Certificate

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes All security incidents posing a threat to the information storage and processing facilities are reported and documented. For each reported incident it is required that a thorough investigation is conducted and remedial action taken leading to a satisfactory closure. All employees and contractors are made aware of what constitutes an information security incident and are familiar with the reporting procedures.

It is the responsibility of all employees and subcontractors to report any information security incident or suspicion to the ISO Security Officer and ensure that the incident is duly recorded on the Information Security Incident form. It is the responsibility of the Security Incident Management to take appropriate action to provide a prompt response to the incident and to facilitate normal operation as soon as safely possible. This is overseen by the Board.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach To ensure the confidentiality, integrity and availability of the customer’s data proper security controls are applied within all information processing centers, with a formal change management process. Separating environments for development, testing and production controls are in place to back up the customer’s data. Backup and restore procedures are included in the Disaster and Recovery Plan (DRP).
Vulnerability management type Supplier-defined controls
Vulnerability management approach Controls are in place to detect and prevent malicious code from being executed on any system. These controls are regularly updated, e.g. the most recent versions of antivirus signatures are distributed as soon as they are available, to ensure detection and prevention of malicious attacks.
Protective monitoring type Supplier-defined controls
Protective monitoring approach In line with ISO 27001 accredited governance procedures.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach In line with ISO 27001 accredited governance procedures.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £19 per person per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Forecasting functionality is available as free-ware.
Link to free trial

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑