NEL Commissioning Support Unit

Workforce - Employee Management System

Workforce allows HR, finance and management teams to optimise resources. Managing expenses, annual leave and sickness can be costly, time consuming and disjointed. We have designed an employee management system that works in harmony with electronic staff records (ESR), HR policies and financial planning, saving you time, effort and resources.

Features

  • Overtime, leave and absence management
  • Expenses, time sheets and ePayslips
  • eForms, reporting and compliance
  • Calendars, structure charts and people finder
  • Seating plans and desk booking
  • Declarations of Interest
  • Business resilience
  • Appraisals and Learning and Development
  • Employee data cleanse
  • Interim and asset management

Benefits

  • Joins HR, finance and management teams
  • Works in harmony with NHS ESR (Electronic Staff Records)
  • Reduces, time, effort and resource required for successful workforce management
  • Proactive management of staff and resources
  • Real-time dashboards and reports

Pricing

£20.000 per unit

Service documents

Framework

G-Cloud 11

Service ID

5 0 3 5 3 8 0 7 9 1 3 5 5 8 1

Contact

NEL Commissioning Support Unit

Business Development

02036881000

nelcsu.businessdevelopment@nhs.net

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints There is no cloud deployment. We offer a hosted solution which we operate from our own private cloud hosting environment held with UKFast.
System requirements
  • Modern Browser
  • UK Internet Connection

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Typically within 2 hours but always within 24 hours (mon - fri)
User can manage status and priority of support tickets No
Phone support No
Web chat support No
Onsite support Yes, at extra cost
Support levels Single tier support level
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started First run wizard, help guides, training and familiarisation sessions.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Export functions for certain modules, due diligence reports downloaded covering a number of modules. Expense, absence data fed back to ESR.
End-of-contract process Service ceases and site would be decommissioned.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None
Service interface No
API No
Customisation available Yes
Description of customisation The system is configurable to run with different implementations

Scaling

Scaling
Independence of resources Dedicated support service backed by development service and in-house ICT service desk.

Analytics

Analytics
Service usage metrics No

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Online export functions for certain modules, data held with the payroll system so nothing to download.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 100% Up-time Guarantee
Approach to resilience We have a 100% uptime guarantee which is supported by UK Fast in a high availability environment i.e. if a server goes down, another automaticaly kicks in maintaining seemless uptime.
Outage reporting We report outages via email and other communications or issues through online messaging via user dashboards.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Other
Other user authentication Username or password.
Access restrictions in management interfaces and support channels Access control lists.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Description of management access authentication Username and password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications IG Toolkit Level 2

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Our policies and procedures ensure adherence to both UK and NSA law and professional requirements and are fully compliant with, but not limited to, the latest GDPR, Data Protection Act (DPA), Caldicott Principles and the 10 Data Security Standards (National Data Guardian). We have an IG Toolkit score of level 2 and the governance of our ICT service is underpinned by a workforce of engineers with ITIL version 3 certification. Whilst we have not sort formal certification for information security governance, the majority of our policies and procedures have been designed to adhere to ISO 27001 Security Standards.
Information security policies and processes As an NHS organisation we operate within the strictest data security controls. Our policies and procedures ensure adherence to both UK and NSA law and professional requirements and are fully compliant with, but not limited to, the latest GDPR, Data Protection Act (DPA), Caldicott Principles and the 10 Data Security Standards (National Data Guardian). We have an IG Toolkit score of level 2 and the governance of our ICT service is underpinned by a workforce of engineers with ITIL version 3 certification. Whilst we have not sort formal certification for information security governance, the majority of our policies and procedures have been designed to adhere to ISO 27001 Security Standards.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Full Configuration & Change Management - ITIL based approach utilising enterprise level ITSM tools.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Full Configuration & Change Management - ITIL based approach utilising enterprise level ITSM tools.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Full Configuration & Change Management - ITIL based approach utilising enterprise level ITSM tools.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Full Configuration & Change Management - ITIL based approach utilising enterprise level ITSM tools.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £20.000 per unit
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑