PeopleDoc UK Ltd.

Employee Case Management

PeopleDoc Employee Case Management gives your HR team the solutions required to provide the consumer-level of service employees have come to expect. The solution provides an on-demand personalised HR knowledgebase for employees, contextualised routing of employee requests, self-service and powerful robotic process automation that can operate across multiple software platforms.

Features

  • Integration with core HR system
  • Integration with IT ecosystem outside HR
  • Open and secure APIs
  • Real-time reporting for HR, e.g. SLA compliance, document expiry
  • Responsive design, supporting platform access from any device
  • Operating system and browser agnostic
  • Configurable and manageable by HR (no IT involvement necessary)
  • Digitalisation for HR documents, services and processes
  • Granular and robust role-based permission model
  • SaaS solution supporting agile HR configuration (no customisation needed)

Benefits

  • Empowers employees to find personalised, relevant HR information, when needed
  • Move to HR Tier Zero Self-Service environment by employee self-service
  • Automated workflows for frequent HR requests, reducing HR efforts
  • Securely contain request information, documentation, communication
  • Support HR transformation efforts with easy-to-use digital tools
  • Maximises efficiency, compliancy, streamlines processes across HR organisation
  • Improves the employee experience, satisfaction/engagement and HR efficiency
  • Approval and e-signature tasks, forms and workflows digitise processes
  • Forms gather data in structured way, eliminating HR rekeying
  • Configurable automation, notification, and SLA configuration/escalation support HR services

Pricing

£0.53 to £2.97 a person a month

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at luke_black@ultimatesoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

6 9 2 0 8 7 5 5 9 5 3 6 3 0 8

Contact

PeopleDoc UK Ltd. Luke Black
Telephone: 07584 417599
Email: luke_black@ultimatesoftware.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Complimentary HRIS and HRIT and auxiliary HR Services. Integration in IT ecosystem
Cloud deployment model
Private cloud
Service constraints
Subject to our SLA this service is delivered with a 99.5% uptime. Browser support for access to the platform is updated in our release notes.

Other than this there are no constraints to access to our platform.
System requirements
  • Vendor supported versions of Apple, Microsoft, Google & Firefox browsers
  • Internet access

User support

Email or online ticketing support
Email or online ticketing
Support response times
Support hours are 9am to 6pm on UK business days. Tickets can be opened 24/7.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
Standard support (online support portal, phone and online support, Customer Success Manager) is included in annual subscription fee.
Premium Success Service customers (at additional costs) receive a greater level of technical resources and support, including:
• Unlimited access to a staging environment for testing and “what if” scenarios.
• Direct line for providing product feature requests to the development team.
• 24/7 phone support for Level 1 issues and priority handling of tickets.
• Regular monitoring of your system and any support tickets by your CSM.
Benefit from the knowledge and collaboration of HR tech experts in the PeopleDoc network include:
• Four custom expert sessions tailored to the topics and goals you choose.
• Four PeopleDoc University Passes for unlimited online training.
• Peer-based learning and networking with other Premium customers.
Premium Success Services customers get support with facilitating Change Management including training programmes, when introducing new technology and when HR tech landscape or priorities change. PeopleDoc experts can serve on your HR Governance team as needed.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Training during implementation then ongoing support
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Customers can access and download the totality of their files and data at any time during the contract and at the end of contract. The files can be downloaded in their original format. Customer content will be made available free of charge upon termination of the contract. Customers have 30 days to download their content after contract termination. Any copy of the data shall be destroyed by PeopleDoc within thirty days of its return, which shall be evidenced by a receipt signed by the customer.
End-of-contract process
Customers can access and download the totality of their files and data at any time during the contract and at the end of contract. The files can be downloaded in their original format. Customer content will be made available free of charge upon termination of the contract. Customers have 30 days to download their content after contract termination. Any copy of the data shall be destroyed by PeopleDoc within thirty days of its return, which shall be evidenced by a receipt signed by the customer.
Moving to a new platform/ system is only supported at additional cost.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
PeopleDoc is built using Responsive Design technology which means the solution is designed to optimise the user experience while allowing full feature access through mobile devices. The PeopleDoc application is accessed through a device's browser and the screen resizes based on the mobile device, e.g., phone vs tablet.
Service interface
Yes
Description of service interface
All PeopleDoc customers have access to the customer self-service support portal. This is an engaging and simple to use interface that contains product knowledge base articles, documentation, training videos, and our ticketing system to report any product issues.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Regarding accessibility, we strive for significant conformance to the WCAG 2.1. AA guidelines, and we have made progress in some areas as for example improving accessibility in the design system that most PeopleDoc products consume as their UI framework. Our goal as an organisation is WCAG 2.1 AA. However, we haven't reached that goal yet.
As of today PeopleDoc has yet to perform interface testing with users of assistive technology.
API
Yes
What users can and can't do using the API
PeopleDoc has been integrated with more than 350 different customer systems via REST API
API documentation
Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The PeopleDoc SaaS solution is highly configurable and can be administered by HR staff without special skill sets required (no coding or IT resources required). Properly permissioned administrative users can:
• add, change, and modify system configurations for things such as organisational structure, employee file management folder structure and document types, document expiration policies, case/request forms (drag-and-drop form builder), knowledgebase articles, and business rules (including SLAs, routing, workflow actions, escalation, priority status, email notifications, etc.)
• manage signature templates,
• create and manage advanced document generation templates, secured shared folders, legal hold, role-based security permissions, metadata tags, etc.
Configurations are retained with each release.
PeopleDoc does not permit ‘customisation’ which typically involves changes to the code base.

Scaling

Independence of resources
The PeopleDoc application is highly scalable. By heavily relying on virtualisation in combination with micro services architecture, new VMs are generated on-the-fly as needed.
Concurrent usage does not degrade performance.
PeopleDoc is provided as multi-tenant SaaS solution with segregation between customer instances.

Analytics

Service usage metrics
Yes
Metrics types
Statistic dashboards include:
• volume - category breakdown
• SLA performance
• open/closed cases over time
• cases created
• close rate
• close rate within deadline
• created/closed within last 3 months
• request status
• requests requiring attention
• overdue requests
• created requests by category
• first response time
• resolution time average
• created/closed within last 3 months
• resolution time average by category
• SLA status by category
• total article views by month 18 months
• total views by category
• Categories article views vs. requests created
• Top 10 keywords usage
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach
PeopleDoc delivers ‘at-rest’ encryption as part of our standard services:
● User data (employee profile, emails, passwords hash, etc.…) is stored in database clusters relying on encrypted file systems (LUKS and cryptsetup with AES-256 keys).
● Documents are encrypted when they are uploaded into our Electronic Archiving System. PeopleDoc uses an on-the-fly AES-256 key generation to perform the encryption.
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
An export function exists on the interface, in addition on public API available on request that allow users to export data.
All data can be extracted in its original format at any time.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • Data in original format
  • Office 365 based formats
Data import formats
  • CSV
  • Other
Other data import formats
  • PDF
  • Any common document format

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
PeopleDoc guarantees an uptime SLA of 99.5% availability
If PeopleDoc does not meet the Availability Rate for the PeopleDoc Solution during a calendar month, then Customer shall notify PeopleDoc in writing (which writing may be an e-mail) within 30 days from the end of the calendar month for which the Availability Rate was not met and PeopleDoc will promptly issue to Customer a credit (“Availability Credit”) calculated as follows: 1% of the total Recurring Fee for the Recurring Service for the current month (i.e. the Annual Recurring Fee divided by 12) for each 0.1% below the Availability Rate.
Recovery Time Objective is 4 hours and Recovery Point Objective is 2 hours.
Approach to resilience
Detailed information on our technical architecture and data centre setup is available on request.
All data stored in PeopleDoc is backed up extensively in geographically different locations. Our databases run in redundant clusters that ensure point in time recoverability. Documents stored in our electronic archiving system (EAS) are backed up and synchronised in short time intervals, ensuring a minimum loss of data in case of disaster.
PeopleDoc provides you with a fully reliable, scalable cloud environment deployed on a secured, managed, and dedicated physical infrastructure. This means your company’s data will not intermingle with another customer’s.
Rackspace and Ecritel provide us with world-class data centres to host our dedicated physical servers, with physical network architecture. To strengthen security, physical servers are virtualised using the open source technology Openstack.
Rackspace and Ecritel data centres are highly secure and are engineered with fully redundant connectivity, power, and HVAC to avoid any single point of failure. Each data center is staffed 24/7 by highly trained technical support staff. We are committed to keeping your data safe from harm, so we use a secondary data centre for data redundancy and disaster recovery purposes.
Outage reporting
PeopleDoc offers an online status gauge (https://status.people-doc.com/) where customers can subscribe on any platform downtime notification and access to our incident reports.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
  • Other
Other user authentication
PeopleDoc supports logical identity management within the application itself and Secure Assertion Markup Language SAML 2.0 Single Sign On.
Access restrictions in management interfaces and support channels
In general, customer can choose to use IP-whitelists to restrict access.
In addition, PeopleDoc's role-based permission enables customer to set-up secure, role-based access.
Access requests can be sent via the interface (forgotten password, etc.).
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Description of management access authentication
PeopleDoc supports logical identity management within the application itself and Secure Assertion Markup Language SAML 2.0 Single Sign On. When using SAML, users log in to the corporate system (authenticated by Active Directory, OneLogin, or LDAP for example) and click a link to access a module of the PeopleDoc platform and are automatically logged in.

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
03/01/2020
What the ISO/IEC 27001 doesn’t cover
All PeopleDoc services are certified.
Full details of the certification are provided on request.
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
2017
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
All PeopleDoc and its services are covered in the CSA STAR certification.
PCI certification
No
Other security certifications
Yes
Any other security certifications
ISO27018

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
PeopleDoc’s ISMS is ISO/IEC27001 certified. It covers all of the following chapters:
1. Leadership
2. Planning
3. Support
4. Operational planning and control
5. Performance evaluation
6. Management Review
7. Information security policies
8. Organization of information security
9. Human resource security
10. Asset management
11. Access Control
12. Cryptography
13. Physical and environmental security
14. Operations security
15. Communications security
16. System acquisition, development and maintenance
17. Supplier relationships
18. Information security incident management
19. Information security aspects of business continuity
management
20. Compliance
All employees have to pass trainings and certifications at least yearly for all or at least part of these policies (depending on role within PeopleDoc).

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
About 30% of the R&D team is dedicated to the Continuous Deployment Process and the quality improvement of our software and deployment process. The team’s goals include:
• Faster tests to get feedback faster
• Increase functional & performance test coverage
• Automatic deployments & automatic provisioning of end-to-end test data
Quality is measured using:
• Code quality standards
• Feature quality and non-regression
• Performance quality
• Security quality
• Deployment tests
Configuration management of the development environment is done through Ansible.
We conduct full audits (black box, grey box, code audit) led by external companies.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Penetration Tests and Vulnerability Scans: Every week, automatic penetration tests and vulnerability scans are conducted on all public entry points.
Audits: Applications are constantly audited to ensure up-to-date security:
o Annual Security Review with specialised security firms (Blackbox, GreyBox, and Code Review)
o Private bug-bounty program with handpicked security specialists
o Offensive and continuous web assessments with Ambionics Security Solutions
PeopleDoc partners with CloudFlare to provide enterprise grade protection against DDoS (Distributed Denial-of-Service) and web-application vulnerabilities through a Web Application Firewall.
• Logs: Every access and every transaction is logged in a dedicated tool. Logs are archived and encrypted offsite.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
PeopleDoc's monitoring systems use automated alerting and escalation. We leverage a 24/7 SOC team of full time Global Security employees.
PeopleDoc is using monitoring tools with centralised logging and SIEM for security monitoring, analysis and alerting. PeopleDoc centrally manages the configuration of all threat detection systems, and configures them to auto-update themselves.
PeopleDoc implemented a Data Breach notification policy.
PeopleDoc has an Incident Management process that escalate from minor incidents to crisis with senior management involvement.
As soon as a critical incident is detected the escalation manager starts assembling experts to solve it as soon as possible.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
PeopleDoc's Incident Response plan is aligned with industry standards. PeopleDoc's Incident Management process escalates from minor incidents to crisis with senior management involvement.
PeopleDoc has documented its Incident Response Plan and its Data Breach Incident Response plan, these are integrated into its ISO/IEC 27001-certified ISMS. Playbooks are available to our security team.
Users report incidents to our security team via the security email address, via tickets, or for customers via their customer success manager.
General incidents reporting are available through our platform. In case of specific incidents impacting the client's platform, the reporting will be done by customer success manager.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£0.53 to £2.97 a person a month
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at luke_black@ultimatesoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.