Gravitas Recruitment Group Ltd

Gravitas Cloud Reporting Solutions

The service is two-fold - Cloud Based Time Management System and Secondly Statement of work, cloud based solutions.
Both has been designed to enable Buyers to deliver their day to day activities in a timely and efficient manner. Whilst enabling confidence around compliance.


  • No minimum or maximum volume
  • Industry leading expert knowledge
  • Remote Access
  • Multiple user ability - Primary and secondary approval options
  • UK based leading edge skills pool - Full UK coverage
  • Industry respected
  • Support Provided
  • Account Manager


  • Short lead times
  • Access anywhere (Desktop or Mobile)
  • Easy Access - Login details
  • Clear communication
  • Fast Response
  • Customer driven experience
  • Single point of contact - Bespoke care
  • Clarity of costings at all stages of the process
  • No long-term commitment


£100 to £500 per person per month

Service documents

G-Cloud 11


Gravitas Recruitment Group Ltd

Liz Ellis

0161 667 0700

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Constraints that the buyer needs to be aware of.

Planned maintenance/upgraded on the portal, but the buyer will be made aware of this with advanced notice.

Support out of hours - Weekend support is limited, as there is no 24 hour Help Desk.

Secondary Approver account which are set up for a set amount of time, as opposed to the length of the contract, won't receive email notification of a time-sheet to approve, so they will need to check manually.
System requirements
  • IE(9+)
  • Chrome
  • Firefox
  • Safari

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 12-24 hours Monday to Friday
48 Hours - Saturday and Sunday
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels Users are provided with a telephone on boarding call initially from our award winning back office team.

Users are sent a notification when action is required.

Users are provided with an Account Manager from the Gravitas Back office team, if they are unavailable another team member will be in touch.
Support is provided over telephone, email and onsite if required.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Initially users will be sent a 'How to guide' for them to read through.

This will be followed up with a telephone training session to ensure the user is comfortable with the functionality and also the time frames associated with approvals, if they have opted into the pay-rolling function as well.

The user will be sent a link and login details to the portal and they will be able to access this from a Desktop and mobile devices.

Onsite Training is also available if there are multiple users being on boarded at the same time.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction A request will be made to the back office team and the information can be extracted from the portal into an excel spreadsheet.

We can also provide access to the portal once the contract has ended to ensure the Buyer has continued access to the data they need.
End-of-contract process At the end of the contract, there are no costs associated.

Any information required by the Buyer from the portal (e,g Time sheets, hours, consultant info) can all be exported to an excel spreadsheet. The Buyer can request for the login details to stay active if they require to continually access it for information. If not, the portal login will automatically deactivate 30 days after the off- boarding has been confirmed.

The off-boarding process at the end of a contract or end of Work-package is at no extra fee.

If off-boarding occurs during a contract, then a termination fee will apply - please see pricing template. However the portal will remain active for 30 days and the spreadsheet template of extracted data can be obtained by the buyer.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service No difference as both are accessed through a Browser.
Customisation available No


Independence of resources Service record, 99% uptime. Metrics to monitor and warning systems in place. Managed by our IT Provider.


Service usage metrics Yes
Metrics types Login, records viewed, activities completed
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Email to

Working in partnership with our CRM provider, we have different tools designed to meet different requirements of GDPR legislation, right to erasure, right to be forgotten etc.

Data can be provided in user friendly format (typically .csv) within 30 days of request.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Other
Other protection between networks Her via VPN linking or SFTP interfaces
Data protection within supplier network Other
Other protection within supplier network Both with physical (firewall) separation and logical (access control) separation for all data within our systems

Availability and resilience

Availability and resilience
Guaranteed availability Data Protection queries would be responded to within 30 days. Issues can be directed to for further discussion.

Timesheet portal queries should be directed to, we would endeavour to provide a response to urgent queries within 2 hours, other queries same day.
Approach to resilience Available on request
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels All users have access profiles, which control not only their access to the portal, but also to the screens and data sets that they are entitled to see
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Other
Description of management access authentication Multi factor user authentication

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 ISO 27001
ISO/IEC 27001 accreditation date 2014 and ICO Registration renewed May 2019
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • ISO 9001
  • Part way through obtaining 27018
  • ISO/IEC 27018:2014

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Reviewed with Board
Issues logged
Monthly meetings with IT provider to discuss any IT security issues
Data Encryption - high level certification - SSAE 16 SOC1 Type II
Access controlled by role and seniority
Tracking access to data, IP address restrictions
Information security policies and processes Security monitored alongside IT support company.
Any issues would be escalated accordingly.
Policies cover classification of information, confidentiality, integrity and availability, staff with particular responsibilities, users covered, access levels, unauthorised access controls, security provisions and reviews, legal and regulatory obligations, suppliers, compliance, disciplinary procedures, incident handling

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All components of services we deliver are automatically recorded, retained within our CRM

Authorities Matrix defines who is able to authorise amendments. The authorities matrix defines risk and security considerations, and what action is required.

Data Security is managed by our IT provider, who operate to AES 256-bit standard encryption, data backed up in data centre.

Bitdefender is used for virus checking.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Managed by our IT provider

We run bitdefender virus protection, business grade firewalls (Fortigate) with notifications for potent hazards

Patches and updates are processed once per week.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Managed by our IT provider

We run bitdefender virus protection, business grade firewalls (Fortigate) with notifications for potent hazards

Patches and updates are processed once per week.
Incident management type Supplier-defined controls
Incident management approach Managed by our IT provider

We have documentation for our processes for reporting and resolving incidents, available on request.

Incident Reports are produced by our IT provider, using Service Now.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £100 to £500 per person per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Access to the Platform to demonstrate it's usability and functionality. A demo of how to use the platform will be included. The Buyer will be given access for one user - Cost of Payroll not included.
Link to free trial N/A

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑