Kainos Worksmart Limited

Kainos Smart Software

'Kainos Smart' is a cloud-based automated-testing-platform built exclusively for testing Workday. This unique product makes it easy for non-technical users to create repeatable automated-tests for HCM, Security, Financials and Payroll modules – and is what Workday use to test their own deployment. Kainos is also a Workday Certified Implementation Partner.

Features

  • Covers HCM, Payroll & Financials business-process, Security configuration and Integration-testing
  • Allows automated execution and verification of test cases against specific-Workday-configuration
  • Test automation is pre-built and continually-maintained by Kainos against latest-Workday-version
  • Proven testing methodologies for HCM, Payroll, Security and Financials
  • Scheduling of concurrent test-execution on multiple-tenants enabling high-volume of test-execution
  • Reporting capability that consolidates results from multiple test runs
  • Troubleshoot test failures at-a-glance with screenshots that show failure-location/error-message
  • Secure storage location to share documents and data
  • Complete toolkit to assist with the creation of test data
  • API that enables integration with ALM and CI tools

Benefits

  • Tests the-security-of-your Workday population; and monitors and reports on change
  • Full end-to-end testing of business critical transactions- improving test coverage/quality
  • Reduces testing effort, timescales and costs during implementation and ongoing-regression-testing
  • On-average customers see a 40% reduction in implementation-time using Kainos-Smart
  • Reduces overall testing and maintenance burden on your SMEs
  • Frees-up staff time to-take-advantage of and adopt new Workday features
  • Improves auditability of-testing by producing transparent, concise audit evidence
  • Reduces risk in Workday implementations and ongoing BAU changes
  • Improves confidence levels of customer’s security configuration
  • Kainos-are-the-only Partner to implement Workday into UK public-sector to-date

Pricing

£22275 to £319000 per licence per year

  • Education pricing available


G-Cloud 10

829834516621460

Kainos Worksmart Limited

Gregory Alexander

02890571100

presales@kainos.com

Service scope

Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Only web browser access is required. The following versions and above are supported:

• Internet Explorer: Version 11
• Firefox: Current Version
• Chrome: Current Version
• Safari: Current Version
• Edge: Current Version

The Workday Preview window occurs biannually, during which we guarantee Week 1 support for Integration and Security testing, and full support for BP testing from Week 2 onwards.

Planned maintenance releases occur on Saturday morning to coincide with Workday releases, though these are predominantly zero-downtime deployments. If a planned outage is required, this will be communicated in advance and a Smart maintenance page will appear.
System requirements
  • Browser: IE8, IE9, Microsoft Edge, Firefox, Chrome, Safari 9+
  • Spreadsheet editor capable of reading and saving .xls format
  • Workday (Smart is an automated testing product for Workday)

User support

Email or online ticketing support Email or online ticketing
Support response times Response times are SLA based, and dependent on ticket severity. Response times are as follows:

Critical - Within two (2) hours of receipt of incident.
Severe - Within four (4) hours of receipt of incident.
Serious - Within one (1) day of receipt of incident.
Minor/Query - Within five (5) day(s) of receipt of incident.
Feature/Suggestion - Within two hundred and forty (240) hours of receipt of incident.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support No
Web chat support No
Onsite support No
Support levels As per our SLA one level of support will be agreed at the time of contracting.

This support cost is included as part of the subscription service cost so there is no additional charge.

We provide a dedicated Service Manager who has overall responsibility for day-to-day support. The Service Manager will liaise with our Development Operations team (Cloud Service) as required, e.g. if server maintenance is required. In addition, we will hold regular calls with key stakeholders from the customer side via our Customer Success Manager to discuss account management queries.
Support available to third parties Yes

Onboarding and offboarding

Getting started Associated with the Kainos Smart product is a suite of implementation services delivered by our expert team of Workday-certified consultants in line with our industry best practice methodologies. All Kainos Smart implementations are tailored to suit the specific requirements and timelines of the customer and typically cover the following objectives:

- Kick off - the Kainos team provision your Smart tenant including connectivity to your Workday tenants.

- Plan stage - a series of collaborative meetings to agree implementation plan (timelines), agree & qualify the success objectives, identify test pack requirements and establish governance procedures.

- Delivery stage - Kainos build and deliver the Kainos Smart test packs as agreed with the customer during the plan stage.

- Knowledge transfer & training - onsite knowledge transfer workshop to complete handover of test packs and user documentation to ensure the customer team are self-sufficient going forward.

- Support – transfer to the Kainos Smart support team and assignment of Customer Success Manager to ensure customer continues to realise benefits for remainder of subscription term.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Kainos will retain Customer Data for a period of 5 years from data entry: Customer Data will only be available via the Smart tenant web application for 2 years from data entry and thereafter will be archived and retrievable upon Customer request.

Data can be exported unaided by the customer from Kainos Smart in the 2 year period after data entry using the export functionality within the product that allows export of test run results to .csv and .pdf file formats and export of the test data templates that contain the executable customer specific test cases to .xls format.
End-of-contract process Included in the contract is access to the applicable Kainos Smart modules for the duration of the subscription term:

- HCM & Integrations
- Security
- Financials & Integrations

Also included is the selected amount of Kainos Smart implementation services delivered by our expert team of Workday-certified consultants. At a minimum the implementation services cover two primary deliverables:

1. The creation of initial test packs containing approximately 2000 test cases covering a range of Business Processes, Security and Integrations.

2. Knowledge transfer to the customer team of the Kainos delivered test packs, and on-site training on the Kainos Smart product.

Ongoing support in line with our SLA is also included in the contract.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install No
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility N/A
Accessibility testing N/A
API Yes
What users can and can't do using the API Smart has a REST API, the main purpose of which is to allow customers to orchestrate tests from an enterprise ALM (Application Life Cycle Management) tool or CI (Continuous Integration) tool. When using Smart in this way, tests must still be created via the Smart API. However, once tests have been created they can be executed and re-executed from a 3rd party tool, with the 3rd party tool also having the ability to retrieve full detailed results via the API.

The API does not allow users to create or modify test cases.
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment Yes
Customisation available No

Scaling

Independence of resources Kainos Smart has auto-scaling configured to enable it to handle peaks in customer usage. The auto-scaling is designed to ensure that the infrastructure resources automatically scale to handle demand from all customers. The system is capable of processing tens of thousands of tests an hour. Kainos Smart uses Amazon Web Services Auto Scaling Groups.

Analytics

Service usage metrics Yes
Metrics types We provide a breakdown of Usage per month, this includes:

– number of tests run by month
– number of tests run by test type
– uptime metrics
– Support ticket response metrics
Reporting types Regular reports

Resellers

Supplier type Not a reseller

Staff security

Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach Data can be exported from Kainos Smart at any stage during the subscription term by the customer.

There is export functionality within the product that allows export of results to .csv and .pdf file formats. There is also functionality to export the data templates that contain the executable customer-specific test cases to .xls format.
Data export formats
  • CSV
  • Other
Other data export formats PDF
Data import formats Other
Other data import formats Xls

Data-in-transit protection

Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability Unplanned outage:
Uptime SLA 99.5%*

* based on 7 days’ x 24 hours per calendar month (exclusive of planned outage) this equates to 3 hours, 36 minutes per calendar month or 1 day, 19 hours and 48 minutes per year of unplanned outage.

Planned outage:
10 hours per month scheduled downtime (on 24 hours’ notice, to Customer, via email, of planned outages). The Subscription Services:

- may experience scheduled downtime of up to 10 hours per month for service updates;
- shall be available no later than 24 hours after each Workday update.
- updates will be aligned where possible with the Workday planned outage schedule.

Disaster Recovery:
Kainos targets a recovery time objective (the timeframe within which Kainos aims to have the Subscription Services restored) (an “RTO”) of 12 hours following an agreed Category A (Critical) incident occurring, measured from the time the Subscription Services becomes unavailable until it is available again. Kainos targets a recovery point objective (the maximum amount of transactional data that could be lost) (an “RPO”) of 24 hours. The RTO and RPO are target times only.

Due to the low price point of the product Kainos do not offer service credits or refunds.
Approach to resilience Kainos Smart leverages Amazon Web Services Auto Scaling Groups for all its servers. Auto Scaling Groups are configured to use three independent Availability Zones in each region. Each of the availability zones has a separate data centre with its own independent power and network supplier.

Should there be a service disruption in one of the availability zones, Amazon Web Services will automatically switch to the other ones. The Kainos Smart application will route all requests automatically to redundant servers. Further, all Kainos Smart databases (PostgreSQL, Oracle, and Redis) leverage multi-zone deployments. In addition, Kainos Smart has enabled automatic daily database snapshots for its databases. The database snapshots are automatically copied to an Amazon Web Services secondary region and a Rackspace data centre (secondary cloud provider). Files stored in Kainos Smart are stored in the Amazon Web Services S3 service with live bi-directional cross-region replication. Further, all files are also stored in the Rackspace CloudFiles service.

Availability SLA: 99.5% (unplanned outages)

Due to the low price point of the product Kainos do not offer service credits or refunds.

For more information on the SLA please refer to section “Guaranteed availability”.
Outage reporting We report both planned and unplanned outages by email alert.

Identity and authentication

User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Kainos Smart provides a separate Smart Management console that is only available to Kainos professional services and support staff to modify configuration parameters of customer’s Smart Tenants. Customer data is not available through this Management Console.

Access is restricted to the Kainos network and VPN. Users are authenticated using Username and Password.

Sensitive functionality within the console is controlled via 4 eyes policy workflows, preventing individual users from performing critical actions.

Kainos access to Customer Smart tenants is controlled by each customer via their Smart tenant including IP restrictions and account auto-expiry rules.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 12/03/2017
What the ISO/IEC 27001 doesn’t cover Outsourcing is out of scope.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Kainos has been assessed for SOC2 Type 2 compliance by EY.
Information security policies and processes Kainos has implemented information security policies based on compliance with:

- ISO27001 - policies include: asset management, human resources, cryptography, access control, physical and environmental, systems development and testing, compliance, communications, data protection/privacy and incident management.

- SOC2 Type 2 - focusing on Security Trust Principles

These information security policies are audited and certified by the British Standards Institution (BSI) against the ISO27001:2013 standard. Audits happen bi-annually.

Kainos has been assessed for SOC2 Type 2 compliance by EY. SOC2 audits occur annually.

New staff are required to confirm their understanding of all security policies. Annual security awareness training ensures staff are fully aware of processes. Training is administered through a digital online system to ensure completion by all staff.

In addition to 3rd party audits, regular internal audits are performed on our information security controls.

In terms of reporting structure, we have a Chief Information Officer reported into by an InfoSec Management Team, Security Practice and a number of Business Unit Security Officers. The InfoSec Management Team is reported into by a Corporate InfoSec Officer, an IT Systems Security Manager, a number of Systems Security Representatives and a Facilities Security Officer.

Operational security

Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Customers log issues and change requests via the support portal.

Application defects and new features are logged in JIRA. JIRA tickets follow strict workflow statuses from appraisal through to testing, ensuring segregation of duties with approval steps at each stage.

Security is considered at all stages of the ticket workflow. Developers and testers focus on OWASP standards. All code changes are peer-reviewed.

Automated security testing uses tools including Arachni, Nessus, ZAP, W3AF scanner and Burp Suite.

3rd party penetration and vulnerability scans take place bi-annually.

Our software stack and environment builds are managed by Puppet and AWS CloudFormation services.
Vulnerability management type Supplier-defined controls
Vulnerability management approach The platform team performs Linux, AWS, and HTTPS scans of our application daily.

Weekly, the Smart application is scanned for vulnerabilities, using OWASP tools that utilise the NIST NVD.

Production environments have auto-attend patch updates configured, meaning latest patches are applied automatically.

Any identified vulnerabilities are reviewed by the security team. Vulnerabilities that have the potential to compromise customer data, with high risk of exploitation, will be classified as critical.

Bi-annually, Kainos uses a 3rd party information security company (CESG and Check approved) to perform vulnerability and penetration testing of Smart.

Kainos aim to resolve critical vulnerabilities within 24 hours.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Trend Micro IDS and IPS is configured on the Smart production environment, performing the following checks: malware, log inspection, web reputation, and file, process and port integrity.

A Web Application Firewall is deployed with checks including HTTP Protection, Real-time Blacklist Lookups, Web-based Malware Detection, HTTP DDOS, Common Web Attacks Protection, Automation Detection, Trojan Protection, Identification of Application Defects, Error Detection and Hiding.

Elastic Stack is configured for log aggregation and real-time alerting.

Any potential compromise is reviewed by our security team to understand the extent of the compromise.

Kainos aim to respond to incidents immediately, with notification to customers of suspected compromise within 24 hours.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach a) Customer contacts Kainos with incident by phone, email or online ticketing system.
b) Incident is triaged by assigned Support Engineer and if possible resolution identified, actioned and communicated back to the customer.
c) If additional assistance is required, incident is raised with specialist Kainos Smart technical teams.
d) Once a resolution has been found, incident ticket will be updated with details of when the fix will be released.
e) Once the issue has been resolved, the support engineer follows up with the customer to ensure they are satisfied with the result.
f) Incident ticket will be closed.

Secure development

Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks No

Pricing

Price £22275 to £319000 per licence per year
Discount for educational organisations Yes
Free trial available No
