Workforce Software

Time & Attendance

WorkForce Suite – Time and Attendance
WorkForce Suite is a flexible, cloud solution for managing your diverse workforce. Delivering real-time insights, packaged domain expertise, and future-proof capabilities to meet ever-changing business needs, the WorkForce equips organisations to reduce labour costs, demonstrate compliance, and boost employee engagement while maximising operational efficiencies.


  • Employee Scheduling
  • Absence Management
  • Multiple Time Recording, Clocks, Biometric, Timesheet, WebClock, Mobile
  • Time evaluations and approvals
  • Gross pay calculations
  • Payroll integration
  • Crew Management
  • Workforce and Payroll Analytics
  • Mobile First


  • Actionable insight to your organisation’s costs
  • Reduced absence costs
  • Simplified absence and leave management
  • Reduced payroll errors and improved
  • Accurate snapshots of your employees’ day-to-day labour activities
  • Accurately report on labour cost, attendance, absence, workforce compliance
  • Enabling staff to indicate availability and swap shifts with peers


£2 per licence per month

  • Education pricing available

Service documents


G-Cloud 11

Service ID

8 1 4 6 4 2 7 6 0 2 2 6 1 3 5


Workforce Software

Dougie Toal

07732 681602

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Our thin client, web-based architecture allows all user interaction with the solution through a standard browser with no customer installation, desktop upgrades, Java applets, or other plug-ins needed. Other vendor products often require users to install Java, Flash, or Silverlight.

Supported browsers include Microsoft Edge, Internet Explorer, Chrome, Safari, and Firefox. Intranet and Internet access are web-based and the application can accept input from both limited only by your internal security (firewall) settings.
System requirements Desktop Browser- Internet explorer, Edge, Firefox, Chrome, Safari

User support

User support
Email or online ticketing support Email or online ticketing
Support response times The support response times are detailed the WorkForce support policy.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support No
Support levels Support levels are detailed in the WorkForce support policy
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We offer training to end users, managers, IT administrators, help desk support, and technical personnel. We offer on-site instructor-led classes and courses at our location. Training is delivered by consultants who are familiar with your organisation and your business rules. The training will enable your team to quickly and efficiently employ your workforce management system.
Business area training:
We typically start the project off with a training course called Core Concepts. During the Core Concepts class, we provide your implementation team an overview of the application, the types of design decisions that will be made during the requirements process, and an overview of the requirements gathering process.
The next business area training comes after the delivery of the solution. End user training consists of training on all areas of application for employee, manager, and any type of administrator who is involved in time and attendance processes.
For IT, help desk support & technical users:
We offer a number of courses to transfer the technical knowledge from our team to your staff. In addition, we offer courses to run reports, create custom reports, run ad hoc reports, and create an ad hoc reporting universe for end users to create reports with.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Upon termination, the customer has the right to receive their data back from us in an industry standard format, and for the data to be removed from our systems. Please note: Conversion to other formats is available, but would be billed on a time and materials basis.
End-of-contract process Upon termination, the customer has the right to receive their data back from us in an industry standard format, and for the data to be removed from our systems. Please note: Conversion to other formats is available, but would be billed on a time and materials basis.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Currently we have many customers taking advantage of our mobile apps all over the world. In a multi-device, multi-screen world we think about mobile not just as a way to expand access to your most critical HR systems but also as an opportunity to enable people to work differently. We are so confident about the transformative power mobile HR can have in your organization that we want to make it really easy for customers like you to try, experiment, and see it for yourself.
Service interface No
What users can and can't do using the API APIs require unique user ID and password. APIs are used for backend services and are not accessible through the normal user interface, but require administrative access to a limited-access configuration tool.
API documentation Yes
API documentation formats Other
API sandbox or test environment Yes
Customisation available No


Independence of resources As your organisation grows and changes, The WorkForce Suite will keep you on the right track as you manage your workforce. The WorkForce Suite is a multi-tiered, web-based time and attendance solution, featuring a scalable system architecture designed specifically to support large enterprises. A multi-tiered solution is used to provide for the maximum in scalability and reliability. Scaling of the solution is included in service offering.


Service usage metrics Yes
Metrics types Uptime Reports
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Reporting and Integration tools are available within the solution to allow admin users to export data down to field level or create data files that can be used for integration purposes
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • Excel
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • Excel

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability The uptime SLA is 99.5%. Our actual historical average is 99.9%.
Approach to resilience Our SaaS environment was designed for high system availability. This includes using servers containing redundant components and connecting them to a redundant network. We also have redundant systems for key infrastructure components such as DNS, mail, and authentication services.
Your data is stored on rows of database servers, each row consisting of a primary server and two standby servers. We replicate to standby database servers at our primary SaaS Facilities, and to those located at our disaster recovery SaaS facilities.
Our secondary SaaS facilities serve as disaster recovery sites. The gear installed duplicates the gear in the primary SaaS facilities so, in the case of a failover, you should expect similar performance. We test failover annually.
Our SaaS facilities, located in colocation data centres, have redundant power, cooling, and internet connections.
Outage reporting Our support team notifies the customer of any outage lasting more than 10 minutes. We monitor all systems and applications 24x7 and responds to critical alerts 24x7 following documented escalation procedures to ensure timely response to issues

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Security is consistent throughout the solution.
Access restriction testing frequency Less than once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 SCHELLMAN
ISO/IEC 27001 accreditation date 13/09/16
What the ISO/IEC 27001 doesn’t cover The Statement of Applicability includes all ISO 27001 Annex controls in scope.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • SOC 1 Type II (SSAE 18)
  • SOC 2 Type II
  • ISAE 3402 Type II
  • EU-US Privacy Shield

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We have the full suite of policies required by ISO 27001, include those that might be required for the Annex A controls.

Our senior executive team reviews and approves our security and privacy policies and programs. The Security and Privacy Team is responsible for security oversight, compliance, and enforcement. This includes leading the development and management of information security policy and strategy, information security assessments, and training and awareness. The Team also serves as the primary contact for security incident response, providing overall direction for incident prevention, identification, investigation and resolution.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We use documented change management process and procedures. A Change Advisory Board meets up to daily (in person or virtually) to review and approve/reject change requests. Automated tools are used as much as possible to deploy and enforce changes.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Vulnerability management begins during software development. Automated SAST tools look for vulnerabilities during the software build process, and a dedicated Application Security Development Team performs dynamic scans and code reviews to look for vulnerabilities. We perform weekly external and monthly credential internal vulnerability scans of our network. In addition, we use an independent third-party to perform quarterly vulnerability scans, annual data center penetration tests, and annual web application security assessments to proactively discover vulnerabilities. Security exceptions are prioritized by risk and tracked by our security team
Protective monitoring type Supplier-defined controls
Protective monitoring approach Defence in depth is achieved through a variety of protective tools that include DDoS protection, web application firewalls, reverse proxies, intrusion detection, DMZ firewalls, firewalls between subnets, anti-virus, anti-malware, and log analytics. We are alerted 24x7x365 for critical issues, with automatic escalation of issues.
Incident management type Supplier-defined controls
Incident management approach We have a documented incident response and breach notification procedures that includes provisions for customer notification. The priority is to deny further exposure and quickly restore services, and to contact any affected customers as soon as possible.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £2 per licence per month
Discount for educational organisations Yes
Free trial available No

Service documents

Return to top ↑