Crown Workforce Management
Crown Workforce Management is an operational management software solution that helps organisations plan and allocate workforce resources effectively, with real-time management of complex contractual arrangements. It automates working/flexitime, leave/absence management with workflow and reporting, and provides self-service functionality. There are also optional Activity Management, HR, Rostering/Scheduling and Workforce Analytics modules.
- Real-time management of flexi-time and flexible working hours balances
- Simple employee scheduling and rostering to manage coverage within budgets
- Automated leave and absence request and authorisation workflow
- Real-time absence and return to work automation and alerts
- Working time legislation compliance automation and alerts
- Employee Self-Service to initiate workflow and check personal information
- Reporting & Analytics schedules and delivers management information
- Adaptable phrase dictionary to modify system language and terminology
- Template-based integration with payroll systems
- HR module including functionality for talent management, recruitment and training
- Real-time visibility of manager and employee flexitime information
- Reduce payroll and administration costs and maximise productivity
- Consistent and confident working time compliance and reporting
- Align service delivery with labour budgets to manage costs
- Ensure coverage and service levels are consistently met
- Flexible configuration to customer and departmental needs
- Data collection and self-service methods suited to different employee types
- On demand and fully auditable working time records
- Reduce absenteeism and identify absence trends
- Prevent abuse of working time and leave management policies
£0.85 to £2.16 per person per month
7 0 9 0 4 8 4 5 8 3 9 4 2 1 1
Crown Computing Limited
|Software add-on or extension||No|
|Cloud deployment model||
|Service constraints||Crown will on an occasional basis plan system maintenance and upgrades, which will be notified to the customer in advance.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Crown aims to respond to support queries within 2 working hours during standard support hours (08:30 to 17:30 Monday to Friday excluding English Bank Holidays) .|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
The Customer Support Desk is available from 08:30 hrs to 17:30 hrs Monday to Friday excluding Bank Holidays. Support may be provided outside these hours by prior arrangement.
All calls are logged and the customer will be asked to indicate the urgency of the problem and be provided with a unique Crown reference number. There are three levels of severity - 1=Critical, 2=Urgent and 3=Minor. Whenever a customer identifies a problem they should raise the problem with the Crown Support Desk, the problem can be submitted via telephone, email or online via the Crown Customer Services web site.
The customer should present the problem in as much detail as possible and in particular indicate its severity. The support service is included in the costs shown in the G-Cloud 11 Pricing Document.
Crown does not have dedicated technical account managers or cloud support engineers as all support staff are trained to handle cloud support queries.
|Support available to third parties||Yes|
Onboarding and offboarding
The level of provision will be defined in terms of the number of users of the service. The buyer would need to provide the number of employees to be managed through the service and the number of super users and line managers who need to access the software to manage other employees.
Crown would write to confirm formally the cost of service and provide the service contract.
On your confirmation by signing the Service Agreement Contract and providing a Purchase Order, Crown would then initiate the service.
Crown would provide either onsite or remote implementation and training, depending on the needs of the customer. Standard training materials would also be provided. Tailored user guides can be created at an additional cost if required.
|End-of-contract data extraction||
On Completion of the service period contract or termination under the agreed contract terms (subject to the minimum period) the Off Boarding process will follow:
1) All User Access to the Service will be terminated 2) The database will be backed up (Termination Backup) and this backup will be provided to the buyer 3) The Termination of Service Backup will be held securely for a maximum of one month or until the buyer confirms receipt of the database, whichever is the shorter period 4) All copies of Backups held by Crown will be destroyed
At the end of the contract period, the buyers right to access the service will cease and the subscription payments will stop, as per the call-off agreement.
Included in the price of the contract are rights to access the software, software maintenance and technical support, cloud hosting and application management. In addition to the monthly subscription, there are additional costs for implementation and training services, which are estimated in the G-Cloud 11 Pricing Document.
Data collection devices for capturing time and attendance data and any desktop or mobile technology used for accessing the system are not included in the costs. Provision of clocking devices can be included at an additional cost.
Ad hoc consultancy services are available at an additional cost at a fixed daily rate.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Our employee self-service (ESS) application is optimised for use on desktop and tablet devices. The optional Crown Mobile module is specifically designed for use on mobile phones by employees.|
|Description of service interface||Crown WFM has web based interface through which employees (including managers) can access the system. Depending on the employees access level they will be able to access self-service (using functions such as absence registration and activity booking) or a manager interface (using functions such as absence approvals and exception handling).|
|Accessibility standards||None or don’t know|
|Description of accessibility||The system provides functions that are used for managing employees and accessing self-service data. There are options with different colour schemes (such as high contrast screens for visually-impaired users) which can be set at a user level. Screens can also be zoomed to make them easier to read for certain types of user.|
|Accessibility testing||Crown have not completed specific interface testing with users of assistive technology, but do have visually-impaired users in its existing customer base.|
|What users can and can't do using the API||
A variety of data input and output functions are available via a web service, which can be set up via either .csv or web service transactions. These include Absence Registration, Time & Attendance Clocking, Activity Time Booking and Entitlement and Flexi Balance Enquiries.
In addition a standard import transaction is available which can be used to import on a suite of over 50 API library transactions.
As the API service is flexible, they can be modified by the users, but only subject to appropriate access profiles, and subject to the security constraints on the system. Crown can provide expert services for support of customers in extracting and importing data via the APIs, provided at an additional consulting cost. Full documentation on this can be provided on request under Non-Disclosure Agreement.
|API documentation formats|
|API sandbox or test environment||Yes|
|Independence of resources||Each customer system exists as a virtual private cloud with dedicated resources, isolated from systems used by other customers. As a result each customer system is not impacted by other users.|
|Service usage metrics||Yes|
|Metrics types||Reports are available in the system which are accessible by the buyer.|
|Reporting types||Reports on request|
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||
|Other data at rest protection approach||Encryption of data at rest within our MS SQL server database|
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||
Crown Systems Integration team and the customer will create a requirements definition. In this document the integration team will specify the detailed content and format of each extract dataset, along with any file transport and communication requirements. Crown provide full documentation describing the steps necessary to install the product and any customer specific development.
Most frequently output files are written to pre-determined shared folders. File name nomenclature is configurable and can contain run specific values; for example, system date and time. Output can also be directed for consumption by external web services, or processed by integration middleware products.
|Data export formats||CSV|
|Data import formats||CSV|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
The Crown Workforce Management application is implemented over the Microsoft Azure cloud platform, providing the guaranteed availability within that platform.
In a standard configuration, the virtual servers use premium SSD storage for all operating system & data disks, and VPN connectivity. All these service elements are guaranteed to deliver monthly uptime of 99.9% excluding maintenance and planned downtimes. The application also uses the DNS service which is guaranteed to respond to requests at least 99.99% of the time.
The system can also be optionally configured and installed in a Higher Availability and multi-site Disaster Recovery configuration for special requirements. Crown will provide quotes for such special configuration on request.
|Approach to resilience||
The Crown solution is implemented on virtualised infrastructure provided by the Microsoft Azure cloud platform with self-healing automatic recovery capability.
Virtual Machines and the Hypervisor physical hosts are monitored and managed by a Fabric Controller (FC) which has the ability to detect failures in 2 modes: Reactive and Proactive. If the FC detects failures in reactive mode (missing heartbeats) or proactive mode (known situations leading to a failure) from a VM or a hypervisor host, it will initiate a recovery by either redeploying the VM on a healthy host (same host or another host) and mark the failed resource as unhealthy and remove it from the rotation for further diagnosis.
Similarly, data is replicated in three separate instances within the data centre, protecting against failures of one or two replicas. To ensure that three replicas are always maintained, Azure Storage automatically spawns a new copy of the data in the background if one of the three copies becomes unavailable.
In addition to the resilience provided by the underlying infrastructure, the Crown solution also includes backup of the production databases, files, and application configuration to enable easy recovery from data loss.
Our solution is implemented in an environment that constantly monitors the performance, health, and availability of the infrastructure and applications. Many component level outages are automatically rectified by the automated service healing mechanisms.
Azure Service Health provides a dashboard to track active events like ongoing service issues, upcoming planned maintenance, or relevant health advisories.
The Crown solution is configured to create and manage service health alerts which proactively reports when service issues are affecting specified installations.
Service health alerts and reports can be sent to designated receivers via a number of channels including SMS, email, and Webhooks.
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||Restriction of access for management and support channels is implemented by a segregation of duties. For example, a system administrator of our hosting services team will have no access to the customer system or database contents.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Lloyd's Register|
|ISO/IEC 27001 accreditation date||7/8/2018|
|What the ISO/IEC 27001 doesn’t cover||The ISO27001 certification covers all aspects of Crown Computing with no exclusions.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
Crown has an information security process to protect the data of our customers. This is aligned with the UK Government NCSC cloud security principles.
Access to the Hosted system is limited to authorised staff assigned to providing the Managed Hosted Services, with access through specific password controlled Profiles. The customer would have the right to undertake an audit of the security arrangements around the Hosting and Managed Hosting Services.
All staff assigned will be named and will be available for the Customer to undertake security reviews with. Crown employees are contractually required to comply with a number of Company processes and procedures, including Company Rules, the IT Code of Practice and the Employee Handbook which are designed to protect the business, our Customers and employees. Areas/topics covered by some of these policies & procedures include Confidential Information, Handling Customer data, Email & Internet Policies, Passwords, Network Security, Virus Control, Media Security and Social Media. All employees are aware of their responsibilities and that breaches to these policies are handled under the Disciplinary & Dismissal procedure.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Crown has its own change management process. This ensures each software change is assessed, prioritised and defined before being scheduled into our release plan.|
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
Vulnerability management in the Crown solution is built upon the threat management capabilities provided by Microsoft Azure, which includes protection from both malicious software and attacks against systems and networks.
The Crown solution deploys Microsoft Antimalware for Azure, providing real-time protection; scheduled scanning; malware remediation; automatic updates to antimalware engine, platform, and signatures; active threat metadata reporting; and event collection and logging.
The solution is also protected against network-layer high-volume denial-of-service attacks by continuous monitoring and penetration-testing processes in Azure. This includes detection and mitigation techniques such as SYN cookies, rate limiting, and connection limits.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
Protective monitoring is provided through Azure security health monitoring service.
Security policies are established for the installation, which will be used to monitor the system to automatically collect, analyse, and integrate with log data from anti-malware program and firewalls. When threats are detected, a security alert is created and processed through the incident management process.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
The Crown system takes advantage of the Azure Security Incident Response process, a part of the overall Azure incident management plan. This process involves a 5-step incident response process of:
- Detection of incident, originating from automated monitoring systems, or reported by phone, email, or web
- Assessment of impact and severity of incident
- Diagnosis, involving technical or forensic investigation as well as identifying mitigation
- Stabilisation and recovery through containment
- Close and post-mortem review
The incident will be tracked and managed by designated incident managers who will have responsibility to track, coordinate investigation and mitigation, and report.
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£0.85 to £2.16 per person per month|
|Discount for educational organisations||No|
|Free trial available||No|