Novate is a cloud based solution that allows the Public Sector to manage and procure the engagement of temporary workers. This is all ran by our state of the art technology, the cloud solution enables The Public Sector Clients to optimise their use of temporary workers and comply with HMRC.
- Bank Module: Identify manage rota and distribute to internal workers
- VMS: Agency Vacancy Management of all role's to be distributed
- Workforce Reporting Real time cost and time reporting - workforce
- Integrated Timesheets Cloud based timesheet & payment system
- Sales Ledger Integration Cloud based purchase and sales ledger integration
- Management Information Facility to view and download the Management Information
- Timesheet & Invoice Management Electronic timesheet & Invoice management
- Efficient processes Removal of paper processes through cloud technologies
- Manage multiple contracts Cloud based workforce management portal
- Accessible on the go Workers have accessibility via smartphones/tablets
- Modular: The Portal can be tailored to the user requirements
- Data management: MI enabling management data relating to clients workers
- Ongoing Maintenance: Novate will provide ongoing maintenance of the system
- Advisory Services: IR35 support to comply with HMRC
- Implementation: Minimal impact during implementation
- Payroll Service: Payroll management services in place ensuring timely payment
- Third Party Integration: Aiding efficiency and reduce duplicating activities
- Support: Novate will offer support to Clients, Agencies and Workers
£50 to £1000 per transaction per week
Novate Staffing Limited
|Service constraints||No known constraints to the system.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||All questions are acknowledged within 3 hours and responded to within 24 hours, 7 days a week.|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Onsite support|
|Support levels||Novate's ongoing support includes: On site presents for training support, 24/7 phone and email contact on going. Initial volume increase – seeking to maximise the number of workers going through the new process. Management Information – a range of management information is offered to the client giving them a greater level of visibility. Ongoing account management; Support to Temporary Workers, Agencies and Client. Full system support available 24/7 too.|
|Support available to third parties||Yes|
Onboarding and offboarding
Novate will host an implementation meeting with the major stakeholders within the clients organisation.
Our account managers and implementation team will work with the clients team to make sure they have a full understanding of how the system works and full onsite training and support will be given.
There is also online training guides and one on one training if needed. We can also offer train the trainer if needed but Novate would rather host the training our self.
Novate will work with the client on how and when they wanted to first launch the system and book all relevant training in advance.
|End-of-contract data extraction||
Novate will arrange a meeting for the stakeholders within the organisation and discuss the exit plan.
Novate will do an extract of all data helped on behalf of the client and extract to a Excel/PDF and send all supporting documentation too.
The Client can also go on to the system and do the extract themselves if they wish too.
We will work with the client to make sure they have all the relevant information and documentation they need.
Novate will arrange a meeting for the stakeholders within the organisation and discuss the exit plan.
Novate will work with the client to make sure they are full aware of the exit plan and what is needed from them.
If the client goes with a new provider we will discuss how we migrate details that the client might need to migrate.
There is no exit fee for working with Novate so no extra cost needed.
Novate will need their agree notice period so they have significant time to do the exit plan.
Using the service
|Web browser interface||Yes|
|Using the web interface||Novate's Portal is all web/cloud based and no interface needed to the clients internal systems. Any client can make changes very easy but Novate would recommend you speak to our support team and they will work the changes for you. This will be done in a timely manner to work to the Clients time scales.|
|Web interface accessibility standard||None or don’t know|
|How the web interface is accessible||Novate Portal will be opened via e browser, Google Chrome or Firefox. The end client must have the most up to date e browsers to work (8+). We also have access via tablets and mobile devices.|
|Web interface accessibility testing||Full testing has been done across several platforms in the Public Sector.|
|What users can and can't do using the API||We can provide the appropriate API coding to allow our clients the relevant access to the system. This will be configured as required with our clients.|
|API automation tools||
|API documentation formats|
|Command line interface||No|
|Independence of resources||We use multiple virtual servers which can scale to meet demand.|
|Infrastructure or application metrics||Yes|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||In-house|
|Protecting data at rest||Encryption of all physical media|
|Data sanitisation process||Yes|
|Data sanitisation type||Hardware containing data is completely destroyed|
|Equipment disposal approach||A third-party destruction service|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||All data is backed up|
|Backup controls||All backups are automated without user intervention.|
|Datacentre setup||Multiple datacentres with disaster recovery|
|Scheduling backups||Supplier controls the whole backup schedule|
|Backup recovery||Users contact the support team|
|Data protection between buyer and supplier networks||Other|
|Other protection between networks||We utilise HTTPS.|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||We can guarantee a 99.99% uptime for service availability. Users are provided with manual processes for any downtime, to allow for no disruption in service.|
|Approach to resilience||This is available upon request.|
|Outage reporting||Email alerts, texts, phone calls can all be utilised to report any outages.|
Identity and authentication
|User authentication||2-factor authentication|
|Access restrictions in management interfaces and support channels||We define all users throughout implementation and agree at this stage the relevant access levels for all key users. This can be updated periodically and users profiles updated within the system. All requests will need to be provided by a key director of the client to ensure access adherence.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||2-factor authentication|
|Devices users manage the service through||Directly from any device which may also be used for normal business (for example web browsing or viewing external email)|
Audit information for users
|Access to user activity audit information||Users receive audit information on a regular basis|
|How long user audit data is stored for||Between 1 month and 6 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||Between 1 month and 6 months|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||SGS UK Ltd|
|ISO/IEC 27001 accreditation date||14/4/2014|
|What the ISO/IEC 27001 doesn’t cover||All covered.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security accreditations||No|
|Named board-level person responsible for service security||Yes|
|Security governance accreditation||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||We have our own information and security reporting policy and process. It aims to ensure the appropriate confidentiality, integrity and availability of its data. The principles defined in this policy will be applied to all of the physical and electronic information assets for which we are responsible.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
We follow the guidance as laid out by ITIL. ITIL change management is a process designed to understand and minimise risks while making IT changes. Businesses have two main expectations of the services provided by IT:
1. The services should be stable, reliable, and predictable.
2. The services are able to change rapidly to meet evolving business requirements.
By assuring that all proposed changes are evaluated for their benefits and risks, and that all impacts are considered. All changes are thoroughly tested and that each deployment includes a back-out plan to restore the state of the environment should deployment fails.
|Vulnerability management type||Undisclosed|
|Vulnerability management approach||
This is broken into 5 key stages:
1. Initial - the initial stage is a vulnerability management program
2. Managed - Defines a set of procedures for vulnerability scanning
3. Defined - Authenticated vulnerability scans are run on a weekly basis which produces reports to key managers
4. Quantitatively Managed - the specific attributes of the program are quantifiable and metrics provided
5. Optimising - optimising each of the metrics will ensure that the vulnerability of the system.
|Protective monitoring type||Undisclosed|
|Protective monitoring approach||Potential compromises are identified by regular brut force testing, which generates result reports of any compromises. Once identified, we implement security patches as soon as possible, within no longer than 48 hours.|
|Incident management type||Undisclosed|
|Incident management approach||We request that all incidents are reported to our Service Manager, via telephone, email, text. All incidents are managed in accordance with our Incident Handling Policy which is available upon request. All incident reports are combined and sent to our clients periodically. We restore the service to the customer as quickly as possible, often through work arounds or temporary fixes to keep the service online.|
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||No|
|Price||£50 to £1000 per transaction per week|
|Discount for educational organisations||No|
|Free trial available||No|
|Pricing document||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|