This G-Cloud 9 service is no longer available to buy.

The G-Cloud 9 framework expired on Monday 1 October 2018. Any existing contracts with PDMS Limited (Professional Data Management Services Limited) are still valid.
PDMS Limited (Professional Data Management Services Limited)

Rostering and Workforce Management Solutions

Nextrasoft are a leading edge provider of Next Generation Workforce Management Solutions to both the public and private sector for over 15 years. We have successfully implemented rostering, time and attendance, absence management and scheduling systems within a number of industry sectors through direct sales, partnerships and reseller agreements.

Features

  • Demand Driven Rostering
  • Resource Planning
  • Time and Attendance
  • Employee Self Service
  • Absence Management
  • Shortfall Resolution
  • Agency / Bank Staff Manageent
  • Expenses Management
  • Contract Management and Invoicing
  • Realtime Reporting

Benefits

  • Reduced and easily identified labour costs
  • Reduction in under utilisation of labour
  • Massively reduced time spent planning and scheduling
  • Rapid Resolution cover for absence via SMS and email messaging
  • Greater visibility and fairness in shift, day and role allocation
  • Ensured compliance with WTD rules
  • Much earlier notification of published rosters
  • Automatic and transparent implementation of union agreed rules

Pricing

£45,000 to £195,000 a unit a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at saasenquiries@pdms.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 9

Service ID

8 6 0 3 9 4 3 3 9 9 1 1 8 8 7

Contact

PDMS Limited (Professional Data Management Services Limited) Catriona Watt
Telephone: +44 (0) 1624 664000
Email: saasenquiries@pdms.com

Service scope

Software add-on or extension
No
Cloud deployment model
Hybrid cloud
Service constraints
No
System requirements
WIndows7 or above PCs

User support

Email or online ticketing support
Email or online ticketing
Support response times
09:00 to 17:00 Monday to Friday, excluding UK public holidays. (24/7 and public holidays can be agreed).
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.0 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Support availability 09:00 to 17:00 Monday to Friday, excluding UK public holidays. (24/7 and public holidays can be agreed). A response to a support request can be expected to be received within 4 (four) Working Hours of the support call being raised. A resolution, or work-around, can, in most cases, be expected to be received within 7.5 (seven and a half) Working Hours of the support call being raised for Priority 1 incidents. Further information is available within our Service Definition document.
Support available to third parties
No

Onboarding and offboarding

Getting started
Super-users are fully trained via on-site training and a comprehensive personalised 150+ page user guide. End-users are generally trained through a train-the-trainer approach, although direct training is also available where required.
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
Microsoft Word
End-of-contract data extraction
Data Extracts can be agreed and provided via the Web-Service API, or alternatively via CSV download. Another option is also for direct database data extraction using the provided database schema.
End-of-contract process
If the Service is terminated either by the Customer or by PDMS, PDMS will contact the Customer to establish your off-boarding requirements.
PDMS will supply your data to you on Termination as described below;

▪ A standard extract of data in a delimited form to facilitate uploading to an alternative service. This will include suitable definitions of the extracted files and delimited fields.
▪ Relationships between entities will also be retained/supported through the use of appropriate keys
▪ Bespoke data extract requirements can also be provided on request, but would form part of a service request.

The cost of this is not included in the subscription to the service.

Other mechanisms are available and can be requested by Contacting PDMS (either at Take-up or at Termination). Use of another mechanism may incur an additional service charge.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Solution runs as standard on any web enabled modern smartphone browser and is fully compliant with iOS, Android and Windows devices.
Accessibility standards
WCAG 2.0 A
Accessibility testing
No specific interface testing with assistive technology has been undertaken, however the product also supports a wide range of personalisation options to accommodate specific accessibility requirements if needed.
API
Yes
What users can and can't do using the API
The API is provided as standard via Web Services. Bespoke options for direct database integration are also available. The API fully supports upload and download of data. The method for setting up the API is to visit a 'discovery' URL that will provide the details of the supported methods. Once this has been configured, data can be sent and received from the API. There are no limits to the numbers of users using the API.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The whole product is designed from the ground up to be extensible. Every screen, function and process can be bespoked if required. Configuration is carried out using a mixture of built in tools and external SQL Management Tools. Users can attend a series of training courses in order to learn the necessary skills for customization.

Scaling

Independence of resources
PDMS can either host on a highly resilient infrastructure using multiple storage, memory and processing units across multiple locales or on premise if requested by the customer.
Each instance of the product is allocated dedicated resources which are not impacted by other users.
PDMS holds ISO 27001:2013 Information Security Management System standard certification and Cyber Essentials.

Analytics

Service usage metrics
Yes
Metrics types
Service usage metrics can be provided to include user logins, data transfer and session login time. These are usually configured to specific client requirements however as required.
Reporting types
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Nextrasoft

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach
Secure Tier 3 Data centres, Secure containers, racks or cages, Physical access control Encryption of Physical media, Safe destruction of physical media.
Database data is securely encrypted at database level
On premise installations/access agreed with client.
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
The product has built in reports that can be viewed on screen, sent straight to a printer or converted to PDF or CSV. Key reports will also be provided via the Web-Service API in XML format for analysis using 3rd product analysis tools.
Data export formats
  • CSV
  • Other
Other data export formats
XML via the Web-Service API
Data import formats
  • CSV
  • Other
Other data import formats
Demand Data etc. can be uploaded for certain functions.

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Service Availability is set at 99.9%.

SLA's are typically;
P1 - A consultant will start to address the problem no later than 4 working hours from the time of the call being logged.

SLAs can be tailored to meet the needs of each individual customer.

Refunds are managed on a case-by-case basis and pre-agreed at contract stage
Approach to resilience
Available on request.
Outage reporting
Email alerts inform PDMS of any unplanned outage. Planned outages are communicated to customers via email and telephone well in advance of the outage. Mobile or locally installed copies of the system can operate whilst the central system is offline.

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
Other user authentication
The user is authenticated against a recorded username and password. The passwords are not stored as plain text, but are compared to a password hash that is stored against each account. If required access can also be allowed only from white-listed IP addresses.
Access restrictions in management interfaces and support channels
All management interfaces and support channels require users to login with a username and password. Access is restricted to the items / area that are relevant to the user.
Access restriction testing frequency
At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
LRQA
ISO/IEC 27001 accreditation date
02/09/2016
What the ISO/IEC 27001 doesn’t cover
Nothing - All areas of the business and our services are in scope.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security accreditations
Yes
Any other security accreditations
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance accreditation
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
As part of its ISMS, PDMS have the following policies and processes; Information Security Policy, Secure Development Process, Acceptable Use Policy, Change Control Policy, Data Classification and Handling Policy, Data Protection Policy, Business Continuity Policy and an Incident Management Process, all of which are governed, managed and audited through our ISO certifications. All policies are owned and regularly reviewed by the relevant departmental manager. It is the responsibility of each departmental manager to ensure that all of their staff follow the information security policies and processes, however compliance is audited by the Quality and Standards Manager, with any issues identified reported to the relevant manager, for rectification. Operationally, Information Security is managed by the Chief Technical Officer who reports directly to the Managing Director and has overall ownership at Board Level for Security, allowing issues that require immediate escalation to be reported to the Directors. Operational Issues that do not require immediate escalation are discussed at the monthly management meetings, where it is a standing issue. All issues discussed during these meetings that require escalation are reported upwards to Board of Directors for it to be discussed, where appropriate.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All software released to test machines/environments for customer sign off prior to promotion to live environments.
Online web changes can be subject to 3rd party penetration testing at additional cost.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Constant reviews of supported software versions and patches available will determine the frequency they are applied to customer test and then live environments.
Info received from 3rd party software provider and anti virus providers.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Available on request
Incident management type
Supplier-defined controls
Incident management approach
PDMS allow all staff the ability to report security incidents through a number of methods, including email, telephone, and system based forms. Ultimately all reported incidents are managed by the Chief Technical Officer, who follows the Incident Management Process, which identifies how the incident should be managed, including when to provide updates to any customers that may be affected. Customer Incident Reports are normally provided in a written document. All incidents are reviewed following their satisfactory conclusion, in order to determine what lessons can be learned, in order to improve the process or prevent future occurrences.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£45,000 to £195,000 a unit a year
Discount for educational organisations
No
Free trial available
No

Documents

Pricing document
Pricing document
Skills Framework for the Information Age rate card
Skills Framework for the Information Age rate card
Terms and conditions document
Terms and conditions document

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at saasenquiries@pdms.com. Tell them what format you need. It will help if you say what assistive technology you use.