Gender Pay Gap Reporting and Analysis; and Ethnicity Pay Gap Reporting and Analysis
Gapsquare represents leadership in fair pay through technology, empowering organisations to build diversity & pay transparency into their policies through intelligent and intuitive software.
Gapsquare’s analytical software enables HR Teams to measure, understand and close the gender pay gap, ethnicity pay gap and beyond, building fairer workplaces for all.
- 100% data safety, security and integrity
- Guaranteed accuracy of data calculations on pay disparities
- What-if scenarios from the interactive dashboard
- Year on year data comparisons and trend analysis on pay
- Deep dive into your organisations' employee and pay data
- Detailed statistical analysis
- Data cleansing and expert equality and diversity consultancy
- Full regulatory/statutory compliance
- Automated narrative explaining the data
- Simple to understand and interpret outcomes
- Efficient and time effective production of gender pay gap data
- Instant reporting figures and insights into the gender pay gap
- Saving money on building action plans and fixing pay disparities
- Automated compliance with gender pay gap reporting
- Multiple users allowed
- Pay analysis across departments, age groups, job roles
- Equal pay analysis
- In depth analysis of workforce dynamics
- Ethnicity pay gap reporting uses same methodology as for gender
- EPG; White v BAME and White v specific ethnicities.
£1999 per licence per year
- Education pricing available
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||Payroll or HR|
|Cloud deployment model||Public cloud|
|Service constraints||No constraints|
|Email or online ticketing support||Email or online ticketing|
|Support response times||For priority 1 support requests response time is 1 business hour, and resolution time is within 4 hours. Priority 1 requests are the ones that prevent the users from seeing their data and reports.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Gapsquare software for pay transparency and analysis is easy to use.
If needed we provide three levels of support: - support extracting and cleaning the data - support in using the software and analysing the data - support with understanding data and interpreting the results. Costs for the additional support services are available on the pricing information supplied and typically will fall within the initial on boarding cost or costs for other services.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||Users sign up and can use the service immediately. We provide online video training as well as on site training when requested. User documentation in the form of FAQs is available.|
|End-of-contract data extraction||When the contract ends, users can download final reports if they do not wish to renew software. At the same time users can delete all data sets uploaded to the servers.|
|End-of-contract process||At the end of the contract, users are removed from the system.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||No|
|Description of customisation||Users can choose to install the application on internal servers at additional cost. However, the installed version cannot provide trends and insights.|
|Independence of resources||We can scale horizontally depending on demand.|
|Service usage metrics||No|
|Supplier type||Not a reseller|
|Staff security clearance||Staff screening not performed|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||In-house|
|Protecting data at rest||Encryption of all physical media|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||Data can be exported in the form of PDF reports, or JPEG graphs and tables.|
|Data export formats||Other|
|Other data export formats||
|Data import formats||
|Other data import formats||XLXS|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||Gapsquare provide at least a 99% uptime availability level in respect of the Software (“Uptime Service Level”) during each calendar month. This availability refers to an access point on the Supplier hosting provider’s backbone network. It does not apply to the portion of the circuit that does not transit the hosting provider’s backbone network, as the Customer is responsible for its own internet access. The total availability of the Software is calculated as one-hundred percent (100%) of the time, less the time that the Software is Unavailable.|
|Approach to resilience||This is available on request.|
|Outage reporting||Email alerts|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||
Only authorised users have access to management interfaces.
Access restrictions are defined in in-house policies and procedures e.g. Gapsquare's Access Control procedure and its User Registration and De-registration procedure.
Access is assessed and granted on a need to know and need to use basis. Assets have different levels of access generally falling into public, internal or confidential categories.
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||No audit information available|
|Access to supplier activity audit information||No audit information available|
|How long system logs are stored for||Less than 1 month|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||We are currently in the process of preparing for certification.|
|Information security policies and processes||
Information Security is central to what Gapsquare does, protecting data throughout the business.
Gapsquare takes the necessary measures ensuring:
• Roles and responsibilities are defined
• Access control to all assets based on classification
• Risk management is rigorously applied
• Confidentiality agreement or NDA signed by employees and requirement to adhere to all policies
• Data is encrypted in transit
• Regular system backups
• Change control systems embedded
• Management of personal data
• Information security and business continuity with service providers
• Compliance with legal requirements
All polices are scrutinised and evaluated with effective cascading of information to all staff. Processes are monitored for compliance with international best practice.
Information Security policies are reviewed to implement ways of improving the Information Security Management System (ISMS). Reviews are triggered by:
• The analysis ISMS
• Internal/external audit
• Following an incident
• To implement a new technology or change in legislative requirements.
Gapsquare’s approach to managing IS and its implementation (i.e. control objectives, controls, policies, processes and procedures) shall be reviewed independently at planned intervals or when significant changes occur.
Managers regularly review compliance of information processing and procedures against appropriate security policies, standards or other security requirements.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Gapsquare is using agile software development methodologies.
All new requirements are recorded in the tracking system, and prioritised and added to a work schedule. During the specification of changes
the security implications are assessed and post build changes are tested for vulnerabilities and impact on existing system elements before being released. The Chief Technical Officer leads this work to ensure and maintain the system's integrity.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Vulnerability management is defined in our in-house Security and Risk management system, explicitly in the Risk Management Procedure and the Information Security Incident Management Policy. The related Risk Analysis spreadsheet sets out the supporting detail of vulnerabilities in rank order, with their impact and the risk mitigation processes.
Gapsquare is in process of implementing ISO 27001 security standards.
Software patches and updates are deployed out of hours to maintain system availability for users.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Identifying potential compromises is guaranteed by our cloud provider by providing performance and security monitor indicators as well a notification system.
According to our internal Information Security Incident Management policy all incidents are classified by type and severity, they are recorded, an action plan is defined for closing the incident to minimise or eradicate the potential for a repeat.
Depending on incident classification Gapsquare are able to react within an hour during normal office hours with a slightly longer response time out of hours.
|Incident management type||Supplier-defined controls|
|Incident management approach||
Our incident management process is defined Gapsquare’s Information Security Incident Management policy. All incidents or potential incidents are reported to firstname.lastname@example.org. The Technical department is responsible for classifying, recording and defining action plans and/or implementing all necessary corrective and preventive actions to mitigate and close the incident.
All incidents are recorded and the Information Security Manager or Chief Technology Officer is responsible to report the incident to senior staff.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£1999 per licence per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||This provides limited compliance with UK legislation for one user with a dataset of up to 10,000 employees. It will calculate the mean and median pay gap and the proportion of staff in each quartile only.It will not provide bonus information which is required for full compliance.|
|Link to free trial||https://app.gapsquare.com/register/1|