Hicom Technology Ltd

Accent Leave Manager

The Accent Leave Management system (previously Intrepid) is an on-line tool designed to help with the administration of leave requests. It uses self-service, enabling applicants to submit requests for leave on-line. Applications are sent through a chain of approvers, assigned directly to the individual or via their job.

Features

  • Budget and entitlement management
  • Self-service leave application administration
  • Leave administration for professional leave (study, exam, private, etc.)
  • Leave administration for other leave types (sick, annual, maternity.)
  • Leave approval chain management
  • Supports linear and/or concurrent leave application process
  • Automated approver notifications by email
  • Automated approval of leave applications based on pre-defined rules
  • ‘Key approver’ and approver over-ride & deputy functions
  • Batch approval of leave

Benefits

  • Fully paperless leave system
  • No lost applications
  • Supports online expenses
  • Daily/Weekly/Monthly reporting on finance
  • Significant timesaving through automation of the process

Pricing

£0.30 per person per year

  • Free trial available

Service documents

G-Cloud 9

435427346115778

Hicom Technology Ltd

Mark Vizard

01483 794945

mark.vizard@hicom.co.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Hicom will notify the Client of any planned service disruption or downtime, although we reserve the right to temporarily restrict access to the service outside of normal Service Hours without notice to undertake system upgrades or maintenance. Hicom also reserve the right to limit use of the service to within Service Hours in the event that a risk is identified by use of the service outside of the Service Hours.

Access to the system is provided via N3/HSCN.
System requirements Provision of industry standard browsers for each PC

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Hicom guarantee to respond to all support calls within eight working hours from the time of receipt of the call. Response to critical problem will be within two working hours from the time of the call.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We provide:

- First-line support: Basic level user and technical support. Also used to gather information and analyze a problem

- Second-line support: In depth technical support used to troubleshoot and solve problems

- Third-line support: Expert support for complex issues. Also used to support first and second line support

All levels of support are provided through payment of the standard support and maintenance charge.

A technical Account Manager is provided.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide a comprehensive package of user training. The standard package includes on site training, but online training can also be provided. This training involves all elements necessary for users to utilise the sytem. In addition, administrative training will also be provided and, optionally, report builder training can also be delivered. User manuals and, where relevant, technical documentation is also provided.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Data is extracted by Hicom on request in a format dependent on future needs.
End-of-contract process The following activities can take place at the end of the contract:

- Analysis and design: We would be keen to either provide the replacement system, or provide consultancy around the nature of the requirement. This would include comprehensive legacy analysis of the existing system to inform the requirements of the next (additional cost).
- Configuration and change management: Any change requests or defect reports will be passed to the developers of the subsequent system (additional cost).
- Data will be provided as IFF (included).
- Operations and support: The final release will still be supported until it is finally removed as long as this stage is still within contract(included).
- Transition consultancy: General consultancy is offered to enable the move to the replacement system. This may include consultancy around data migration and, specifically, around the data schema (additional cost)

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service No major difference. Some small difference in how screens are rendered.
Accessibility standards None or don’t know
Description of accessibility Although not compliant to WCAG 2.0 AAA, WCAG 2.0AA or WCAG 2.0A, we are aware of these standards and incorporate them wherever possible into the design of all of our software. This awareness of Web Content Accessibility Guidelines (WCAG) 2.0 ensures that content is accessible to a wider range of people with disabilities as well as making our web content more usable to users in general.
Accessibility testing Our experience of interface testing with users of assistive technology is limited. However, we are aware that WCAG 2.0 success criteria are written as testable statements and are seeking to integrate this into our testing procedures.
API No
Customisation available Yes
Description of customisation Users have limited ability to customise the service. This includes menu items, data entry templates, document templates and, to a limited extent, the look and feel of the interface. This ability is limited to those users who have appropriate role based access controls.

Scaling

Scaling
Independence of resources This is achieved through the following:
- Appropriate hardware: Our data centre in Brookwod in Surrey is constantly monitored to ensure it has the capability to provide the service for our current and projected workload. If required, new hardware and other infrastructure is added to accommodate demand
- Efficient software design: Our systems are designed to ensure the most effective use of service resources are made
- Our SLA: Users of the system can rely on the service level outlined in our service level agreement to ensure appropriate system provision

Analytics

Analytics
Service usage metrics Yes
Metrics types The following service usage metrics can be provided on request:

- Core user actions: Are users consistently using predefined core user actions?
- Activity time: The number of times a user visits a service and the elapsed time they spend
- Visit frequency: How often does a user return to a service
Reporting types Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach FIPS assured encryption
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Data can be exported either by using pre-formatted, customisable audit reports or by creating their own reports via report builder.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • JPEG
  • PNG

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network Physical security.

Availability and resilience

Availability and resilience
Guaranteed availability Hicom will endeavour to make the service available without disruption during Service Hours; however allowances should be made within this period for essential service downtime to enable critical software upgrades and system maintenance to be carried out.

Hicom guarantee system availability for 99.5% of the time during the Service Hours, however guarantees cannot be provided on the N3/HSCN network connectivity that exceeds the SLA in place with BT. The N3/HSCN network connection is provided by British Telecom and Hicom have a Service Level Agreement with BT for continuity of service in the event of a fault or failure of the N3/HSCN network connection.

The 99.5% service availability objective equates to 10.4 hours of downtime during Service Hours within the contract year. Subject to the conditions set out in the full SLA, in the event that the service is not available for more than 20 hours within the Service Hours in any one contract year then the current contract period will be extended by 10 days without charge. For each additional 10 hours of downtime within the Service Hours in the same contract year, the current contract period will be extended by a further five days.
Approach to resilience This information is available on request.
Outage reporting All outages are reported via email alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels All access to the system, including management interfaces, is provided by Role Based Access Control dependent on successful entering of a username and password. As the system is hosted within the N3/HSCN network this adds a higher level of security. Where possible access control lists are used to restrict access by IP address.

Access to online support is similarly managed by Role Based Access Control, whilst those accessing telephone support may be asked to prove their identity if required. Where possible access control lists are used to restrict access by IP address.
Access restriction testing frequency At least once a year
Management access authentication
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 16/06/2015
What the ISO/IEC 27001 doesn’t cover We believe this covers all of our activities.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We are ISO 27001 accredited and, as such, our information security policies and processes are guided by this. This, therefore dictates the following:
• Information security policies
• Organization of information security
• Human resource security
• Asset management
• Access control
• Cryptography
• Physical and environmental security
• Operations security
• Communications security
• System acquisition, development and maintenance
• Supplier relationships
• Information security incident management
• Information security aspects of business continuity management
• Compliance; with internal requirements, such as policies, and with external requirements, such as laws

ISO 27001 compliance is managed by our Office and HR Manager Elaine Smart who reports directly into our Board.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All changes related to the product specification (configuration) are either captured by the Project Manager if the system is still being implemented, or by our support department or the clinical account manager if the system has already been implemented. These are then tasked as Requests for Change and prioritised for implementation

Changes in the project processes or baseline (time, money etc.) are dealt with via the Project Manager and, if necessary the relevant Hicom Product Manager. If a change is identified, all affected project parameters will be assessed, analyzed for impact and acted upon.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our vulnerability management process can be seen as follows:
- The information team review threats on a case by case basis
- Once alerted they review technical guidance regarding threats and other sources to identify a plan of action
- Depending on the patch we look to deploy all patches within seven days of release and critical and security patches within 48 hours
- Information about threats are gained from suppliers, industry sources, and industry publications
Protective monitoring type Supplier-defined controls
Protective monitoring approach Our protective monitoring process can be seen as follows:
- The information team review potential compromises on a case by case basis
- Once alerted they review technical guidance regarding potential compromises and other sources to identify a plan of action
- Depending on the patch we look to deploy all patches within seven days of release and critical and security patches within 48 hours
Incident management type Supplier-defined controls
Incident management approach Our approach to incident management is informed by ITIL. As such it is made up of the following components:
- Incident detection and recording
- Classification and initial support
- Investigation and diagnosis
- Resolution and recovery
- Incident closure
- Ownership, monitoring, tracking and communication
Users report incidents through the support service defined in our standard SLA and incident reports are provided via the relevant Product Specialists.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £0.30 per person per year
Discount for educational organisations No
Free trial available Yes
Description of free trial A trial of the System and one optional component (excluding interfaces) is available for 30 days, subject to approval. This is designed to give full access on a time-limited basis to assess benefits of implementation.

The trial will be run in accordance with agreed principles. A trial agreement is available.

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑