Worktribe Ltd

Worktribe Research

Worktribe Research enables Higher Education Institutions and research institutes to: record and disseminate research opportunities; cost research projects; manage funding submissions; manage contracts; track project spend; record and manage project impact, outputs and rich researcher profiles, presented via our Open Access repository; and prepare their REF2021 submission.

Features

  • Modular construction, covering full research life cycle including REF submission
  • Modules integrate to create fully consistent, coherent, single database system
  • Single sign-on integration via Shibboleth or Active Directory
  • Full control of user access and data visibility
  • Full fEC project costings using TRAC structure
  • Configurable workflow control of approvals processes
  • Project spend tracking with milestones etc.
  • Storage, submission and harvesting of research outputs
  • Recording of research impact, evidence and rich researcher profiles
  • Support for preparing your REF2021 submission

Benefits

  • Coherent 'single source of truth' makes for consistent management reporting
  • Workflow ensures that approval processes are properly followed
  • Integration with external systems means all systems are synchronised
  • Modular approach means extra functionality can be added later
  • Full integration avoids inter-system mapping issues and re-keying
  • Relationships with external organisations can be seen 'in the round'
  • Consistent user-friendly interface reduces training needs and enhances uptake
  • Simplified project budget creation, approval and submission processes
  • Easier management of outputs, impact and researcher profiles
  • Data easily collected and scored for REF2021 submissions

Pricing

£5950 per licence per year

Service documents

Framework

G-Cloud 11

Service ID

8 1 7 1 9 3 0 9 6 8 4 5 9 6 4

Contact

Worktribe Ltd

Jon Hackney

0870 020 1760

info@worktribe.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
The system does require some configuration to accommodate each client's internal approvals processes. The configuration is performed during the implementation project, which under G-Cloud is termed the 'onboarding process.'
System requirements
Users require a modern browser with javascript enabled

User support

Email or online ticketing support
Email or online ticketing
Support response times
Second-line Worktribe support is available to technical University staff from 9am to 5pm UK time, Monday to Friday, excluding English bank holidays.

Faults are categorised and resolved based on their priority:
* High (Service is not available, multiple users affected): 1 hour response, 4 hour fix/workaround.
* Medium (Intermittent fault causing great difficulty in using the service, one or more users affected): 2 hour response, 8 hour fix/workaround.
* Low (Intermittent fault but service is still usable, one or more users affected): 8 hour response, fix time by agreement on a case-by-case basis.
User can manage status and priority of support tickets
No
Phone support
No
Web chat support
No
Onsite support
No
Support levels
Support services are included within the annual SaaS fee.

We provide remote support between 9am and 5pm Monday to Friday, excluding English public holidays.

Typical support arrangements for ongoing support and maintenance are that the client provides first-line support in-house, with Worktribe providing second- and third-line support via our UK-based helpdesk.

Support requests are submitted to Worktribe using our online tool or, in exceptional circumstances, via email. Regardless of the channel through which the request is raised, a ticket is created on our portal to track the request through to resolution.
Support available to third parties
No

Onboarding and offboarding

Getting started
Worktribe immediately provide 3 environments as standard: Test; Train; and Live.

The implementation process then consists mainly of: onsite training for the client's project team; workshops to define the client's approvals processes; configuration of the system to accommodate the agreed approval processes; client staff setting up the base data (client-specific lookup lists, for example); client staff setting up integration links with their other systems (typically HR, finance and website CMS); importing legacy data (optional); testing; client staff training the wider user base; and go-live. The following documentation is provided: User guides; Administrator guides; API documentation; data import documentation; documentation guidance on use of templates for documents containing Worktribe data.

Worktribe provides a project manager and an account manager. Support is provided from the start, and regular progress meetings are held. The key determinant of implementation speed are the readiness of the client and the client's assigned resources. As the system is already in wide use, the implementation process has become streamlined and fairly straightforward.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Clients may extract their data using the following methods:

1) Using the Worktribe API, which is comprehensive and exposes all user data.

2) Using the SQL data extract, which is provided as part of the Worktribe service. This extract is normally provided on a regular basis for input to the client's Business Intelligence or other corporate reporting system, but may also be used as a data source at the end of the contract.
End-of-contract process
The costs of the end-of-contract process are included within the normal annual SaaS charge. The process is:

Some months beforehand, client and Worktribe to agree dates for trial data extracts and uploads to new system, and for final data extract.

On each extract date:
* All users (including system administration users) to be logged out at a previously-agreed time.
* Worktribe to shut down all user access to the Worktribe system.
* Client to perform whatever extracts they need via the API.
* Client to test the outcomes (including imports to the replacement system).

After the client has performed the final data extract:
* Worktribe to delete all copies of the client’s research-related data from its systems, no matter how old, or where held or in what format. (This may require destruction of physical media.) Worktribe to inform client in writing when deletion is completed.
* Worktribe to retain data regarding business contacts between the client and Worktribe, and commercial data regarding the relationship, subject to the limitations of the Data Protection Act or equivalent(s) then in force.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
No
Service interface
Yes
Description of service interface
The system includes a Graphical User Interface (GUI) and an Application Programming Interface (API). Other interfaces are also provided for importing legacy data in Excel format and exporting report data in Excel, CSV, XML and Microsoft Word formats.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
To assist in our accessibility evaluations, we use the Web Accessibility Versatile Evaluator (WAVE) tool.

Text blocks are well formatted and readable by screen readers.

Worktribe users can also customise the presentation for accessibility within the usual constraints of the web browser and their operating system (for example to increase the font size or change the contrast ratio).
API
Yes
What users can and can't do using the API
Worktribe's comprehensive programmatic REST API has HATEOAS features. This is our preferred method for integrating with your other systems.

Typical API uses include: loading legacy data; receiving HR data (including salary data) from your HR system; integrating with your finance system to synchronise budget codes and receive 'actual spend' data; integrating with your web site CMS to expose researcher profiles and research outputs.

The REST API exposes all data entities to full CRUD (Create, Read, Update, Delete) operations, and is fully under the control of the client.

The integration mechanism consists of responding to authenticated HTTP commands sent by external applications. This means that creation, reading, updating and deletion of records within the Worktribe system by external applications are performed using the appropriate POST, GET, PUT and DELETE commands. Data is exchanged in JSON format.

The system also includes an event driven 'subscription' system. This means that the client is able to have both 'push' and 'pull' integrations.

API-based interactions between the Worktribe system and the other systems may be managed by your own ‘integration layer’ or ‘middleware layer’. This is a flexible, ‘loose coupling’ approach to integration.
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The Worktribe Research system is provided as a package, with the following customisable/configurable aspects:

1) Clients can maintain their own specific lookup lists (e.g. organisation structure, salary scales, lists of journals and publishers, tags of all types, report templates, and so on).

2) The system's workflow is configured to accommodate the approvals processes for each client. This configuration is done during the implementation project, called the 'onboarding process' under the G-Cloud framework.

3) The system can also accommodate client branding. The login screen, home screen, research portal, downloadable PDF reports and those produced using the template functionality can include the client's logo, although the Worktribe colour scheme is fixed. Any logo needs to be supplied by the client as an image file.

Scaling

Independence of resources
We run a mixture of physical hardware and virtualised systems that give us the best balance of performance and redundancy, using load-balancers and private cloud systems for dynamic scaling. All virtualised systems are single-tenanted (i.e. clients do not share virtual disks or machines).

Analytics

Service usage metrics
Yes
Metrics types
The support portal includes provision for client reports and data exports to be created at any time, so that performance against SLA is completely transparent.

Examples include:
• Uptime%
• Number of support tickets per month
• Average issue resolution time
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
No
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users may export data from the Worktribe system in JSON format via the API.

User-specified report datasets may also be exported in CSV and Microsoft Excel formats.

The Worktribe system also enables export of data directly into documents, using the mail-merge features of Microsoft Word. Clients may create many Word templates which retrieve the required data from the Worktribe system automatically and present it as part of the resulting document.
Data export formats
  • CSV
  • Other
Other data export formats
  • JSON (via the API)
  • Microsoft Excel
Data import formats
  • CSV
  • Other
Other data import formats
  • Microsoft Excel
  • JSON (via the API)

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Our standard availability is 99.8% uptime. The Worktribe Service Level Agreement includes provision of service credits if availability drops below 99.8%.
Approach to resilience
We use virtualized servers and redundant disks that give us a high level of availability and resilience at our hosting provider. This maximises uptime and minimises the risk of system loss.

We take hourly encrypted backups to local backup systems at our primary secure host. These encrypted backups are themselves immediately backed up to a second secure hosting site, as a precaution against failure of both the system and backup at the primary host site.

In the event of disaster, we will trigger the restore from backup, prioritizing the database load. Any restoration of data from backups is performed by our in-house staff.

Worktribe uses automated provisioning software that enables us to quickly rebuild systems at a disaster recovery site. If we initiate the offsite recovery (e.g. if all network connections to the primary host were severed, with predicted downtime of hours or days) we can be up and running at the disaster recovery site within hours.

We regularly test our backup systems, both offsite and onsite. In practice we temporarily clone and restore live systems for testing and support, so the system is in constant use. The frequency of testing, for various reasons, approaches weekly.
Outage reporting
The situation is presented on each client's support dashboard provided by Worktribe, so it is immediately visible to the client.

Identity and authentication

User authentication needed
Yes
User authentication
  • Username or password
  • Other
Other user authentication
The Worktribe system supports single-sign-on using customer Identity Providers including Shibboleth (via the UK Access Management Federation), Microsoft ADFS, Azure AD (SAML 2.0) and CoSign. With several of these systems, multi-factor authentication is also available. The Worktribe system also includes a built-in local authentication module (password based) and Active Directory integration (using LDAP over SSL).
Access restrictions in management interfaces and support channels
There is no management interface available to client personnel or to hosting suppliers. Access to servers for management purposes is tightly restricted to just a few individuals within Worktribe.

For our own support personnel, access to client data is controlled by public key authentication rather than by password. The 5 staff authorised to access client data have individual keys, and the authorised set is controlled by our provisioning systems. Alternatively, the support personnel can ask the client to grant access, which of course leaves the usual in-app audit trail.
Access restriction testing frequency
At least once a year
Management access authentication
Public key authentication (including by TLS client certificate)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
No audit information available
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI Assurance UK Limited
ISO/IEC 27001 accreditation date
27 March 2018
What the ISO/IEC 27001 doesn’t cover
Secure hosting services are not covered by our ISO27001 certification, but are covered by that of the secure hosting suppliers we use. We only use hosting suppliers who are ISO27001 certified.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
The Chief Information Officer (CIO) is an Executive Director of Worktribe, who ensures that:
• The Information Security systems are fully documented and implemented in accordance with ISO 27001:2013
• All employees are made aware of customer requirements and have the skills to ensure they are met.
• All employees are aware of the Information Security policy statements, and their role in the implementation of these. This is supported by provision of a Staff Security Procedures document on the company intranet, and frequent reminders on the intranet to keep security at the front of employees' minds.
• Management reviews of the performance and improvement potential of the Management System are regularly provided.

In practice, the CIO is also personally involved in the control of access to client data, which can only be obtained through explicit and time-limited permission, and is only granted to a few staff. Access to client data is also tracked through use of individual keys, so that each access can be traced to a specific individual.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All software is based on the secure Worktribe platform to minimise security risks. Each software release and each build within each release is uniquely identified. Each new release is tested before publication. Requests for new and amended functionality are normally discussed using our on-line user group forum. Those gaining sufficient support are discussed at formal user group meetings. Further specification refinement may then take place in special interest group meetings, so that new features embody best practice. The new functionality is then embedded into our road map, and provided as part of our planned release schedule.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our systems are hosted in a private cloud with secured access, so the server environment is tightly controlled. We receive the security patch streams for Ubuntu LTS (the operating system on our servers), which are installed automatically on our development systems, and we then patch production systems manually and promptly. Our DBMS is our own proprietary system which is stable and is guarded in several ways which prevent any unauthorised access. This prevents security attacks against the database. Also, user access permissions are enforced by the Worktribe platform at the lowest level of database access, so cannot be subverted.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We use automated monitoring tools to keep a continual eye on the systems, and intervene immediately if we see any issues arising.

Our clients are often impressed with the speed with which we react to situations; no doubt you will ask our other clients about such matters.
Incident management type
Supplier-defined controls
Incident management approach
Users report incidents as support requests. If we ever had a data breach it would be accorded the highest importance and urgency, and escalated for immediate investigation by our most senior engineers, including the Chief Information Officer.

An integral part of our incident management process is frequent investigation progress updates by phone and email. For this purpose Worktribe maintains an 'In Case of Emergency' list which contains both phone and email details of emergency contacts within clients, to be used in the case of such an event.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£5950 per licence per year
Discount for educational organisations
No
Free trial available
No

Service documents

Return to top ↑