SpeakInConfidence is the anonymous communications platform for employee/stakeholder engagement, feedback, pre-whistleblowing and whistleblowing. Anonymous two way communications with own management, forums and surveys, make it easier for employees to discuss concerns and ideas with management, delivering: enhanced employee voice; enhanced management understanding; and enhanced engagement and performance with reduced risk.
- Core two way anonymous dialogue function
- Additional push question and pulse/mini survey facility to seek views
- Creates high level of staff/stakeholder trust
- Mobile optimised web app accessible on desktop, phone and tablet
- Cloud based, so no installation and highly secure
- Ready to go “out of the box” but highly configurable
- Tailor categories; managers; chase periods, reports and much more
- Anti-abuse and limits on traffic from / to any person
- Admin panel gives you immediate, high level of administrative control
- Sophisticated real time reporting gives clear management insights
- Gives opportunity for candid feedback and communications – enhancing understanding
- Great to enhance employee engagement
- Great for idea generation and sharing
- Enables staff to easily raise concerns without fear or filter
- Covers harassment & bullying, equality and diversity and whistleblowing
- Breaks down communications barriers and shortens feedback lines
- Direct but anonymous contact with own management creates resolution opportunities
- Helps remove employee feelings of disempowerment
- Spot problems earlier and easier before they become damaging
- Avoids need for multiple systems (and multiple costs)
£0.50 to £5.00 per person per year
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
From 8:00 am - 6:00 pm weekdays (excluding bank holidays) within 3 hours.
Over weekends and at other times on next working day.
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
We provide a single level of support for all clients which includes phone and email support.
The cost of support is included within the user licence fee with the only additional costs being any site visits requested by the client.
All client have a named individual to contact.
|Support available to third parties||Yes|
Onboarding and offboarding
When a new client starts using SpeakInConfidence they are allocated an account manager that works with them through the on-boarding process to ensure a successful launch. This includes providing of materials to guide them through the pre-launch process, online administration training, marketing collateral.
The client also gets access to our comprehensive online support area with resources for administrators, managers and users.
The account manager then works with the client regularly post-launch to ensure that they continue to get the best out of SpeakInConfidence.
|End-of-contract data extraction||Clients may download PDF copies of dialogues, including any manager notes.|
If any organisation ceases to be a client of SpeakInConfidence, we will remove all of its data and that of its staff/users within three months of their ceasing to be a client.
Alternatively, the client may choose to have a paid 12 months run off period after which the data would be deleted three moths post that.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||When accessed from a mobile device (smartphone or tablet) the pages reformat to fit the size of the device in question. Functionality is exactly the same.|
|Accessibility standards||None or don’t know|
|Description of accessibility||At this time SpeakInConfidence hasn't undergone formal accessibility testing but we believe that we comply with all relevant WCAG 2.0 success criterion.|
|Accessibility testing||To date we haven't done any testing of this type.|
|Description of customisation||
The system is highly customisable so the client is in control of whether they are using it for employee/stakeholder engagement and staff feedback, idea discussion or whistleblowing, harassment and bullying.
The system allows for a number of administrators within the client who can alter settings and administer the system at any time through a web interface.
Customisation of the service is enabled in two key areas (1) Messaging on landing pages and inside the system; and (2) System settings.
Key system settings which can be customised are:
(a) Whether staff anonymous dialogue is 1:1 manager, 1 to manager plus admin, 1 to all managers;
(b) What categories (topics) and management (responders) are on the system, and whether particular topics are linked to management most suitable to handle them;
(c) What reports are received;
(d) Whether forums are enabled;
(e) Whether push questions are enabled and if so for whom;
(f) Periods for reminders, suspensions (for anti-misuse);
(g) Whether staff are asked to select some area/function identifiers so patterns within the organisation can be more clearly identified;
(h) Other customisation options, such as changing the theme, are available on request and at additional cost.
|Independence of resources||The SpeakInConfidence service is automatically monitored to ensure that there is always sufficient capacity to meet the needs of all clients. Any potential issues are highlighted and additional capacity can be added within 30 minutes.|
|Service usage metrics||Yes|
Administrators are able to access metrics such as:
1. number of dialogues raised by category and manager
2. dialogues raised by “pick list” - this is bespoke to each client but a pick list could be location or grade
3. dialogues open by manager, showing when the last message was responded to
4. ratings by manager on how timely and useful was the response
5. closure rates and average response times by manager
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||European Economic Area (EEA)|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||
|Other data at rest protection approach||All personal identifiable information and dialogues are encrypted.|
|Data sanitisation process||No|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Due to the nature of the data export is not possible.|
|Data export formats||Other|
|Data import formats||CSV|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||IPsec or TLS VPN gateway|
Availability and resilience
|Guaranteed availability||We aim to be available at least 99% of the time, apart from reasonable scheduled maintenance (either outside normal business hours or up to 1 day per quarter). If we exceed this, clients are entitled to 7 days free for each day we have been down as long as they request it within 28 days of the outage.|
|Approach to resilience||SpeakInConfidence is hosted on Amazon's AWS infrastructure used by many large organisations. We chose to partner with Amazon because of their work in this area. More details are available from the AWS website or directly from WorkInConfidence.|
|Outage reporting||There is a public dashboard at: https://status.workinconfidence.com/|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||The administration areas of all clients instances of SpeakInConfidence are protected via username and password. The system insists on strong passwords of greater than eight characters.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||Given the nature of SpeakInConfidence security governance is regularly discussed at board level to ensure that it is maintained.|
|Information security policies and processes||
1. Clarity on what is collected, what purposes and how stored. This is clearly documented in Privacy policies and a further internal policy;
2. Technical measures to guard security and privacy. The CTO is in charge of this, and has close oversight of all aspects of the build and operations of the Company’s services. This is discussed regularly with the CEO and also in every board report there is an update, also highlighting any areas of security risk;
3. Organisational measures. All staff are required to be aware of the organisation’s security policies and processes, and are trained and are regularly updated on these. Any third parties working with us have to sign up to and adhere to these.
Any security risk is required to be notified to the CEO and COO immediately.
The above are reviewed and updated at least semi-annually and any key changes highlighted to the Board.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||All components of the service are under configuration control (source control via git) and all changes are reviewed and tested with a view on security before being applied to the live service.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Potential threat information comes from a variety of sources such as our hosting provider for hardware and OS information, the providers of the development language and framework we use. These and other sources are used to determine the priority and the speed with which any are implement. For OS related patches these are typically applied weekly and for framework changes at the next major release unless it is considered a security risk in which case it would be hot-fixed.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Many steps are taken to ensure that the service cannot be compromised but we actively monitor the logs for unusual activity or activity from outside of known parameters.
If an anomaly is detected it is flagged up via both email and instant notification to support staff. This is then investigated immediately to see if there has been an issue and steps taken accordingly.
|Incident management type||Supplier-defined controls|
|Incident management approach||Incidents flagged up during routine monitoring will be dealt with through company policy. User can report incidents either through our website or via our dedicated email address: firstname.lastname@example.org.|
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£0.50 to £5.00 per person per year|
|Discount for educational organisations||No|
|Free trial available||No|
|Pricing document||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|