JMS Infotech Ltd


JMS One is a cloud based real-time staff management system for clients requiring end to end staff management. Seamless automation links on-boarding, compliance, rota, bank and agency bookings, time management and integrated timesheets. JMS One can be accessed either via the web or mobile app.


  • Automated job booking system
  • Integrated online timesheets
  • Manage your bank and agency shifts
  • Reporting suite with graphs and Excel reports
  • Automated notifications by email or app
  • Cancelled shifts re-posted automatically
  • Web based user interface
  • Mobile app available for iOS and Android
  • Compliance module (Summer 2019)
  • Automated rota (Autumn 2019)


  • Efficiently manage your workforce
  • No need for emails or phone calls
  • Find staff to cover your shifts in an instant
  • Proven to regularly fill shifts within 60 seconds
  • Relevant stakeholders updated automatically
  • Fully transparent to both candidate and client
  • Provides traceability and control
  • Enhances your analysis and planning
  • Rapid robust and reliable
  • Accessible 24/7 from any device


£50 per unit per month

  • Free trial available

Service documents


G-Cloud 11

Service ID

4 6 2 0 8 4 1 7 9 4 5 7 6 4 3


JMS Infotech Ltd

Kevin Collett


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No
System requirements
  • Website users require a suitable browser with internet access
  • Mobile app users require either Android or iOS operating system

User support

User support
Email or online ticketing support Email or online ticketing
Support response times All emails received by JMS One support team will be actioned within one working day, excluding weekends and public holidays.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Onsite support
Support levels On-site support is a client bespoke provision. Service levels are individually negotiated with each client.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started All clients are allocated a dedicated Client Advocate. The Client Advocate will meet with the client to capture their requirements and discuss what they need to achieve from the system. Once agreed, our support team will configure the system as per the client's needs.

On-site training sessions are offered to all new clients to help with their onboarding process. All new users have access to a range of support materials to help them use the system, including an integral how-to-guide for users of the JMS One mobile app.

When applicable, we can assist the client to migrate their data into the JMS One system.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats In-app user guide
End-of-contract data extraction Clients can extract their data at contract end by contacting their Client Advocate who will arrange the data extraction with the support team.
End-of-contract process As contract end approaches, your Client Advocate will meet with you to review contract performance. At this time, we can also discuss any requirements you have in terms of data migration, data extraction or reporting should you not wish to renew.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The JMS One mobile app is currently available for workforce users only. Functionality will be extended to client users by the end of 2019.
Service interface Yes
Description of service interface JMS One can be accessed in two ways, via the JMS One website or via the JMS One mobile app.

Workforce users can manage their shifts and timesheets using either the website or the mobile app.

The JMS One mobile app will be made available to client users by the end of 2019.

Client users can manage shifts, timesheets and their workforce, and can also run a range of reports using the website.
Accessibility standards None or don’t know
Description of accessibility We are exploring ways of making JMS One more accessible in the near future.
Accessibility testing We are exploring ways of making JMS One more accessible in the near future.
Customisation available Yes
Description of customisation The system is fully configurable and can be customised in many ways, including:

Modular approach allowing client to choose features appropriate to their business needs.

Clients can work to a centralised or decentralised model.

Workforce registration can be configured with application questions bespoke to specific job roles.

Compliance document requirements can be tailored to client needs.

Automatic or manual timesheets branded with client's logo and colour scheme.

Shift patterns can be set for individual working locations.

User permissions can be set to organisational needs in line with individual job roles.

Customisation requests should be made to the support team who will apply the customisations accordingly.


Independence of resources The JMS One servers utilise load balancing which ensures traffic is always directed to the server with the most available capacity at that time.


Service usage metrics Yes
Metrics types Transactional metrics can be obtained using the inbuilt reporting facility. Other metrics as required can be obtained by a request made to the JMS One support team.
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Client users can export data from the JMS One website using an Export to Excel function. There is also functionality to generate graphical reports which can be exported as PDF. Should the client require any additional reporting, they can contact their Client Advocate for advice.
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel
  • PDF reports
Data import formats Other
Other data import formats Data imports are currently handled by JMS One support.

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability JMS One is available 24 hours per day, 7 days per week, 365 days per year, with a target uptime of 99.9%.
Approach to resilience The JMS One website and database are stored in multiple servers across different locations. This allows an automated instantaneous switchover should any server become unavailable. In the event of a disaster recover situation, JMS One operates to a 2 hour recovery time objective (RTO) with a 7.5 minute recovery point objective (RPO).
Outage reporting In the event that JMS One is not available, a message will be displayed to inform users along with an expected time for resumption of service.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Access to management and support functionality is determined by role specific permissions, which can also be configured to client requirements.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We adopt a unified view of how security impacts our organisation. We have scoped out which data needs to be protected, identified associated risks and have created strategic policies to ensure compliance. We regularly monitor and review risk and have created a framework of established solid policies and guidelines whilst promoting agility and adaptability.
Information security policies and processes Access Control Policy:

Outlines access available to employees with regards to data and information systems.

Information Security Policy:

High-level policy covering security controls. Primary policy is issued by the company to ensure all employees using information technology assets within the organisation comply with stated rules and guidelines. This ensures employees recognise there are rules which they will be held accountable to regarding the sensitivity of data, corporate information and IT assets.

Remote Access Policy:

Outlines and defines acceptable methods of remote connection to internal networks with specific rules for use of BYOD assets.

Email/Communication Policy:

Formally outlines how employees can use electronic communication mediums. The primary goal is to provide guidelines to employees on what is considered acceptable and unacceptable use of corporate communication technology.

Disaster Recovery Policy:

Policy contributing to the larger business continuity plan, we use multiple servers across different locations, working to a 2-hour recovery time objective (RTO) and a 7.5 minute recovery point objective (RPO).

Business Continuity Plan:

Co-ordinates efforts across the organisation along with the disaster recovery plan to restore hardware, applications and data deemed essential for business continuity.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Our configuration and change management system tracks versions of hardware and software, and compatibility with all servers in the cluster. We record and document baseline versions and agree processes with all development team members to ensure compliance. Version control is managed by Subversion. We use common standard scripts to automate building, testing, integration and deployment, and undertake regular audits to ensure configuration and change management processes are maintained correctly and consistently.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Working to a pre-defined scope, our vulnerability management process consists of regular (scheduled) and random vulnerability scans performed across all servers and platforms. Any issues identified during these scans are recorded including the number of vulnerabilities detected and the severity/risk rating of identified vulnerabilities. These reports are analysed in order to determine risk and a remediation plan is prepared with clear deadlines for implementation of any required actions.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Our protective monitoring process establishes ongoing collection and analysis of all log and event data, reviewing of activities, and performing real-time advanced correlation and pattern recognition. This includes information security controls including inspection of firewall logs, investigation of operating system security alerts and monitoring of Intrusion Detection Systems (IDS). This information is stored in order to provide an audit trail of security relevant events of interest. The information is reviewed on both a scheduled and random basis and will alert on individual and broader malicious events, simplifying remediation and helping to mitigate risk.
Incident management type Supplier-defined controls
Incident management approach Our incident management process aims to restore service as quickly as possible, minimise adverse operational impact, and ensure service levels are maintained. We apply standardised methods and procedures covering the response, analysis, documentation, management and reporting of incidents. Once an incident is identified, first level support aim to recover service as quickly as possible. If an incident cannot be resolved immediately, second level support will aim to provide resolution within agreed timelines. Our monitoring and escalation process ensures incidents are continuously monitored, providing any additional resources required to resolve high priority incidents and maintain service level agreements.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £50 per unit per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Free trial with full functionality available on request for up to 30 days.

Service documents

Return to top ↑