Gapsquare Limited

Gender Pay Gap Reporting and Analysis; and Ethnicity Pay Gap Reporting and Analysis

Gapsquare represents leadership in fair pay through technology, empowering organisations to build diversity & pay transparency into their policies through intelligent and intuitive software.

Gapsquare’s analytical software enables HR Teams to measure, understand and close the gender pay gap, ethnicity pay gap and beyond, building fairer workplaces for all.


  • 100% data safety, security and integrity
  • Guaranteed accuracy of data calculations on pay disparities
  • What-if scenarios from the interactive dashboard
  • Year on year data comparisons and trend analysis on pay
  • Deep dive into your organisations' employee and pay data
  • Detailed statistical analysis
  • Data cleansing and expert equality and diversity consultancy
  • Full regulatory/statutory compliance
  • Automated narrative explaining the data
  • Simple to understand and interpret outcomes


  • Efficient and time effective production of gender pay gap data
  • Instant reporting figures and insights into the gender pay gap
  • Saving money on building action plans and fixing pay disparities
  • Automated compliance with gender pay gap reporting
  • Multiple users allowed
  • Pay analysis across departments, age groups, job roles
  • Equal pay analysis
  • In depth analysis of workforce dynamics
  • Ethnicity pay gap reporting uses same methodology as for gender
  • EPG; White v BAME and White v specific ethnicities.


£1999 per licence per year

Service documents


G-Cloud 11

Service ID

5 6 5 9 2 0 7 5 2 3 1 4 8 6 9


Gapsquare Limited

Sian Webb


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Payroll or HR
Cloud deployment model Public cloud
Service constraints No constraints
System requirements
  • Works on all modern browsers
  • CSV or XLXS files for data uploads

User support

User support
Email or online ticketing support Email or online ticketing
Support response times For priority 1 support requests response time is 1 business hour, and resolution time is within 4 hours. Priority 1 requests are the ones that prevent the users from seeing their data and reports.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Gapsquare software for pay transparency and analysis is easy to use.
If needed we provide three levels of support: - support extracting and cleaning the data - support in using the software and analysing the data - support with understanding data and interpreting the results. Costs for the additional support services are available on the pricing information supplied and typically will fall within the initial on boarding cost or costs for other services.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Users sign up and can use the service immediately. We provide online video training as well as on site training when requested. User documentation in the form of FAQs is available.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction When the contract ends, users can download final reports if they do not wish to renew software. At the same time users can delete all data sets uploaded to the servers.
End-of-contract process At the end of the contract, users are removed from the system.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices No
Service interface No
Customisation available Yes
Description of customisation Users can choose to install the application on internal servers at additional cost. However, the installed version cannot provide trends and insights.


Independence of resources We can scale horizontally depending on demand.


Service usage metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Data can be exported in the form of PDF reports, or JPEG graphs and tables.
Data export formats Other
Other data export formats
  • PDF
  • JPEG
Data import formats
  • CSV
  • Other
Other data import formats XLXS

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Gapsquare provide at least a 99% uptime availability level in respect of the Software (“Uptime Service Level”) during each calendar month. This availability refers to an access point on the Supplier hosting provider’s backbone network. It does not apply to the portion of the circuit that does not transit the hosting provider’s backbone network, as the Customer is responsible for its own internet access. The total availability of the Software is calculated as one-hundred percent (100%) of the time, less the time that the Software is Unavailable.
Approach to resilience This is available on request.
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Only authorised users have access to management interfaces.
Access restrictions are defined in in-house policies and procedures e.g. Gapsquare's Access Control procedure and its User Registration and De-registration procedure.
Access is assessed and granted on a need to know and need to use basis. Assets have different levels of access generally falling into public, internal or confidential categories.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information No audit information available
Access to supplier activity audit information No audit information available
How long system logs are stored for Less than 1 month

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We are currently in the process of preparing for certification.
Information security policies and processes Information Security is central to what Gapsquare does, protecting data throughout the business.
Gapsquare takes the necessary measures ensuring:
• Roles and responsibilities are defined
• Access control to all assets based on classification
• Risk management is rigorously applied
• Confidentiality agreement or NDA signed by employees and requirement to adhere to all policies
• Data is encrypted in transit
• Regular system backups
• Change control systems embedded
• Management of personal data
• Information security and business continuity with service providers
• Compliance with legal requirements

All polices are scrutinised and evaluated with effective cascading of information to all staff. Processes are monitored for compliance with international best practice.

Information Security policies are reviewed to implement ways of improving the Information Security Management System (ISMS). Reviews are triggered by:
• The analysis ISMS
• Internal/external audit
• Following an incident
• To implement a new technology or change in legislative requirements.

Gapsquare’s approach to managing IS and its implementation (i.e. control objectives, controls, policies, processes and procedures) shall be reviewed independently at planned intervals or when significant changes occur.

Managers regularly review compliance of information processing and procedures against appropriate security policies, standards or other security requirements.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Gapsquare is using agile software development methodologies.
All new requirements are recorded in the tracking system, and prioritised and added to a work schedule. During the specification of changes
the security implications are assessed and post build changes are tested for vulnerabilities and impact on existing system elements before being released. The Chief Technical Officer leads this work to ensure and maintain the system's integrity.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Vulnerability management is defined in our in-house Security and Risk management system, explicitly in the Risk Management Procedure and the Information Security Incident Management Policy. The related Risk Analysis spreadsheet sets out the supporting detail of vulnerabilities in rank order, with their impact and the risk mitigation processes.
Gapsquare is in process of implementing ISO 27001 security standards.

Software patches and updates are deployed out of hours to maintain system availability for users.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Identifying potential compromises is guaranteed by our cloud provider by providing performance and security monitor indicators as well a notification system.
According to our internal Information Security Incident Management policy all incidents are classified by type and severity, they are recorded, an action plan is defined for closing the incident to minimise or eradicate the potential for a repeat.
Depending on incident classification Gapsquare are able to react within an hour during normal office hours with a slightly longer response time out of hours.
Incident management type Supplier-defined controls
Incident management approach Our incident management process is defined Gapsquare’s Information Security Incident Management policy. All incidents or potential incidents are reported to The Technical department is responsible for classifying, recording and defining action plans and/or implementing all necessary corrective and preventive actions to mitigate and close the incident.
All incidents are recorded and the Information Security Manager or Chief Technology Officer is responsible to report the incident to senior staff.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £1999 per licence per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial This provides limited compliance with UK legislation for one user with a dataset of up to 10,000 employees. It will calculate the mean and median pay gap and the proportion of staff in each quartile only.It will not provide bonus information which is required for full compliance.
Link to free trial

Service documents

Return to top ↑