Alphatec Software Ltd

Timebox - Cloud Hosted, Time Recording and Expenses Management

Alphatec Software's Timebox is an award winning time recording and expenses SaaS solution, that will help you manage time spent and expense costs in dealing with directorates, clients, shared services, departments, cases, projects and activities.


  • Analyse time spent on individual clients, cases and services
  • Analyse time spent with shared services, departments or business sectors
  • Understand the true cost of dealing with claims/cases
  • Ensure you are maximising efficiencies from staff
  • Understand true cost and profit of the services provided
  • Input, Calculate and Monitor Expenses
  • Record time and expenses remotely, using smartphone or tablet devices
  • Record training, sickness and holidays
  • Provide accurate detail of work completed
  • Real-time reporting


  • Supports agile/home working and hot desking
  • Improve process, productivity and performance and work on any device
  • Real-time visibility and reporting on all time and expense costs
  • Monitor departmental and project level budgeting and variance
  • Resource planning and individual cost control
  • Detailed explanation of work carried out to client and department
  • Timebox is configurable to your organisations structure and terminology
  • Timebox is continually enhanced to meet your needs
  • Understand the true profit/contribution of your Department
  • Leading edge reporting capabilities


£12.03 to £18.03 a person a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

8 5 1 3 1 9 7 3 8 2 0 1 5 7 1


Alphatec Software Ltd Brian Boyce
Telephone: 0845 680 1911

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
System requirements
  • Users must have access to a web browser
  • Users should have access to a PDF viewer
  • Users should have access to a Excel viewer

User support

Email or online ticketing support
Email or online ticketing
Support response times
Acknowledgement will be within the hour and resolution is typically within one hour of acknowledgment. Standard support is only available during UK office hours Monday to Friday
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
We provide a single level of support for all our users.

This support is included in the cost of the subscription. Each account is allocated a primary account manager and primary support contact.
Support available to third parties

Onboarding and offboarding

Getting started
Alphatec use our expertise in dealing with hundreds of organisations to help guide new accounts through the process of configuring and setting up their account in order to gain maximum benefit.

As part of the implementation process. we provide onsite training or online training depending on the organisations preference.

There is also user documentation available as well.
Service documentation
Documentation formats
End-of-contract data extraction
The standard Timebox reports allow users to extract their information if they wish. If the users want the information in a specific format to ease with migration to a new platform, we are happy to provide the consultancy to facilitate this.
End-of-contract process
At the end of the contract the user is required to give notice of wishing to end the contract. At that point in time we will start discussions with them to agree a date when they want us to supply their information to allow them to have a seamless transition. We will then discuss the informational needs and will supply them with their information on the day they want it delivered and once they confirmed receipt of the information, we will revoke their access to the account. If they would like us to, we will hold their data on the system for up to 30 days, so as to allow them to ensure they have everything they need for moving forward and we will then confirm with them that we are going to delete their information from Timebox permanently. The information will then be deleted. At all stages we will work with the client to help ensure the move is as simple and easy for them as possible.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The mobile and desktop services are identical and the system user interface is fully responsive so that the screen rendering takes account of the size and form factor of the mobile device being used.

Mobile: Timebox runs on:
Android Smart Phones – E.G. Samsung
Windows Phones
Windows Tablets
Android Tablets
Running modern supported versions of the appropriate Windows, Android and iOS Operating systems.
Service interface
Description of service interface
The Service interface provides a simple, easy to use interface and user dashboard to allow you to track staff time, costs, expenses and income in relation to all services, projects and activities carried out - whether in relation to a client, case or claim.

As well as this, individual users can use their dashboard, to track time spent on clients, services and activities over a given period.

The system provides a fully responsive web interface to the service, a management and user dashboard service interface and a mobile specific service interface for the entering of time and expenses.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
The system was developed with the Kendo UI control suite which supports WCAG 2.1AA and AAA See:
What users can and can't do using the API
The current API is limited to the inclusion of clients and income
API documentation
API sandbox or test environment
Customisation available
Description of customisation
Admin users can add their own activities in the system set-up area of Timebox. They can also add their own services, clients, departments, users and expense types.
Alongside these facilities, they can also set up "tags", to associate clients or departments together to monitor time, expense and income costs.
There is also a specific project area, to allow users to track budgeted project costs against actual costs based on time costs.

The words client and department have been used in the description above but Timebox even allows you to define the naming of the organisational structure - e.g. this could just as easily be directorate and section or service and department if Timebox is implemented in a small part of the organisation.


Independence of resources
Resource utilisation is monitored and flexed to ensure the system operates quickly and smoothly for all users.


Service usage metrics
Metrics types
Users can themselves report on the various metrics including time spent with clients, on cases, on projects and on an individual user by user basis as well.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
Other data at rest protection approach
In addition to the above the network and database are also both secured and the users password credentials are encrypted.
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users can export their data in a number of ways including Excel, PDF and CSV (simplified excel)
Data export formats
  • CSV
  • Other
Other data export formats
Data import formats
  • CSV
  • Other
Other data import formats
Excel: import only available as part of new account setup

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
We also implement a number of additional security measures to ensure security of both the system, the communication and the users data. e.g. we implement secret key authentication on all pages to protect users from cross site scripting.
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The applications are monitored 24 hours a day, 365 days a year, with 24 hour support at network, developer and DBA level.

We guarantee 99.9% up time. We do not provide refunds.
Approach to resilience
This information is available on request
Outage reporting
Through our web site, e-mail alerts and twitter.

Identity and authentication

User authentication needed
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
Other user authentication
Username, Password and a unique Account ID known only to the users of the account
Access restrictions in management interfaces and support channels
Access to management modules is secured and access to the individual modules, can be defined by a system admin user on a user by user basis.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
No audit information available
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
CDL Group
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
There are no exemptions in relation to the service listed on the framework.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • Our Datacentres that host and operate Timebox are accredited
  • Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Our Information Security policies and processes are all ISO 27001 certified. As well as the above, all releases are subject to security assessments based on the following criteria:
a) New or Major Application Release – will be subject to a full assessment prior to approval of the change control documentation and/or release into the live environment.
b) Third Party components – will be subject to full assessment after which it will be bound to policy requirements.
c) Point Releases – will be subject to an appropriate assessment level based on the risk of the changes in the application functionality and/or architecture.
d) Patch Releases – will be subject to an appropriate assessment level based on the risk of the changes to the application functionality and/or architecture.
e) Emergency Releases – An emergency release will be allowed to forgo security assessments and carry the assumed risk until such time that a proper assessment can be carried out. Emergency releases will be designated as such by a Director or appropriate manager who has been delegated this authority.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All change management is managed through our change management system Jira and Confluence.

All source changes are managed through source control.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We have external and internal vulnerability scans. These are run twice a week and any critical or high issues found are resolved as they arise, medium are planned for deployment or patching along with the monthly upgrade deployment. Service packs and patches are applied once their impact on applications and users has been assessed and tested. The information for the issues, service packs and patches comes from the internal and external vulnerability scans that run twice a week.
Protective monitoring type
Protective monitoring approach
We have threat detection and DDoS protection within the datacentre and also have the application configured to provide logging and automatic notification of both errors and unauthorised behaviours.
Incident management type
Supplier-defined controls
Incident management approach
Users can report incidents by e-mail or by telephone to our support team. We have documented processes in place for common events (e.g. user access etc).
All support incidents are logged in Jira our incident management system and tracked through the SCRUM broads.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£12.03 to £18.03 a person a month
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.