Populus Management Limited

Infinitemp: Workforce & Supplier Management Platform

Infinitemp; a fully configurable enterprise, temporary workforce management solution which optimises staff resource with powerful process management over the entire booking process, approval, electronic timesheet, real-time reporting, enabling total visibility and control. Product solutions to build effective internal and external staffing banks within a single, secure, GDPR compliant web-platform.


  • Complete end-to-end, highly configurable enterprise, workforce management solution
  • Real-time dashboards display workflow, staff usage, spend and performance metrics
  • Automated rules manage vacancy distribution to limitless recruitment agency suppliers
  • Electronic processes are real-time and phone, paper and fax free
  • Single candidate profile regardless of the number of agencies
  • Manage up to 10 time-based rates per vacancy ensuring accuracy
  • Manage temporary staff offers, assessment and selection, price negotiation electronically
  • Control compliant break glass approvals, spend escalation & exceptions
  • Electronic timesheets, automated monitoring with approved orders for accurate approvals
  • PAYE, Direct Engagement or Umbrella payment methodologies all available


  • Neutral staffing vendor platform, not tied to any recruitment agency
  • GDPR and Off-payroll compliance built directly into staff profile
  • Responsive, web-based technology, no downloads and zero footprint
  • Granular transactional activity log and audit trail, constantly GDPR compliant
  • Fully configurable to match your existing recruitment processes and practises
  • Vacancy, Assignment, Timesheet approval and Invoicing all in one system
  • Supply chain-wide visibility & control over quality, rates & fees
  • Beautifully designed, easy to use candidate, supplier and client portals
  • Time saving efficiencies via consolidated invoices from approved timesheets
  • Reliant, Full DR, CESG Official, IG3, ISO27001 & Regular CHECK


£0.55 to £3.85 per unit per hour

Service documents


G-Cloud 11

Service ID

8 9 0 7 3 5 5 9 9 5 4 7 5 5 3


Populus Management Limited

Mark Hathway



Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Planned Maintenance, User content and customisations are constrained.
System requirements
  • A modern web browser, desktop or mobile
  • An active internet connection

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Monday - Friday 08:30 - 18:00
Service Outage - Initial Response 1 Hr
Process impairment - Initial Response 2 Hrs
Enquiry - Initial Response 8 Hrs

All other Times
Service Outage - Initial Response 1 Hr
Process impairment - Initial Response 2 Hrs
Enquiry - Initial Response Next Working Day
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Conforms to WCAG 2.0 AA Standard
Web chat accessibility testing None
Onsite support Yes, at extra cost
Support levels We provide technical help desk, telephone and email support during office hours free of charge.

If you opt for the full managed service provision, you will be assigned a dedicated account liaison executive to oversee your entire account and offer continued assistance with the management of your supply chain.

Account management is available 24/7/365, however, out of office hours account liaison staff work in rotation.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We offer full configuration, training and deployment assistance and support from our implementation and onboarding team.

We offer training on the software in various forms at the request of the client; these include electronic system documentation, onsite training, live webinars, recorded webinars, pre-recorded animations and screen casts and offsite classroom training at our head offices or your chosen location.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction We can provide CSV and XML data files of all created data and associated transnational data records in line with GDPR requirements on data sharing and retention. We would work with the client, delivering relevant and required data at contract cessation.
End-of-contract process Our off boarding team will set out a plan for a managed exit, whether that be back to the business internally or handed over to another provider. Core data files can be created and shared. Transnational data will be offered as CSV or XML data files, there is no migration of this data due to the potential differences to any new provider. All data extracts would be provided as part of contract cessation workflow and at no extra cost to the client.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Our mobile service is primarily aimed at candidates picking up shifts issued from the staff bank and also submitting timesheets and monitoring account messages and notifications. Whereas the desktop version is aimed at initial account registration and document uploads during profile creation. All key performance metrics and dashboards are available on any size device.
Service interface No
What users can and can't do using the API We would work with clients to make necessary changes or connection via our API to other software and services required to integrate with Infinitemp.
API documentation No
API sandbox or test environment No
Customisation available Yes
Description of customisation Infintemp is enterprise software and during implementation with a new client, will be configured to match a clients specific workflow. Candidate compliance, rates and induction processes and documentation can be fully configured. We also offer multiple variants of consolidated invoicing so that clients can streamline their invoicing processes.


Independence of resources We operate a load balanced, AWS autoscaling environment to maintain SLA agreements of speed, latency and load with each end user. Which means our environment automatically scales without limits inline with the demand placed upon it.


Service usage metrics Yes
Metrics types Our real time dashboards provide constantly updated usage metrics in relation to staff resources, usage, approval stages and spend for vacancies, assignments, timesheets and invoices. Visual graphical metrics are also displayed for the last 12 months usage on vacancies, assignments and timesheets grouped by staff group.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Upon request, we will create an export the data files and deliver them to the client for use, storage or migrating over to a new provider.
Data export formats CSV
Data import formats
  • CSV
  • Other
Other data import formats
  • Adobe Portable Display Format (.pdf)
  • Microsoft Word (.docx)
  • Microsoft Excel (.xls)
  • Microsoft CSV (.csv)
  • Extensible Markup Language (.xml)

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Infinitemp is managed by a clearly defined set of Service Level Agreements (SLA) standards. All Infinitemp support is provided by a dedicated Support Team, which administers related issues at Infinitemp. Live monitoring of Infinitemp is completed in AWS, which flags any approach to degradation of service standards or vulnerabilities with alerts, and the user experience is regularly monitored and reviewed by the Infinitemp Support Team.

Service credits are detailed as percentile rebates of the annual Annual Licence Fee; this does not include any Setup or Processing fees.
Approach to resilience Available upon request. Infinitemp is deployed and hosted via Amazon Web Services (AWS). Infinitemps physical infrastructure is hosted and managed within Amazon’s secure data centers and utilises the AWS technology. Amazon’s secure data centers and utilises the AWS technology. AWS’s data center operations have been accredited under:

• ISO 27001
• SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
• PCI Level 1
• FISMA Moderate
• Sarbanes-Oxley (SOX)

All traffic between our clients and Infinitemp servers is encrypted through SSL. SSL certificates are created by using RSA and DSA based ciphers. We adhere to the recommended security policies provided by Amazon ELB. For more information please refer to the official page of AWS ELB security policies. We also use HSTS policy to protect Infinitemp against protocol downgrade attacks and cookie hijacking.
Outage reporting We have a dashboard that monitors CRON jobs, we also utilise communication platform Intercom and email alerts and app push notifications to announce and inform of planned and unplanned outages.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Access is controlled by 3 mechanisms. Firstly, to access the system, a user name (verified email) and password is required. Secondly, each user must be assigned a role and roles restrict functional access (what can be done). Finally, each user must be given permission to the data on which functions can be performed. Roles and data permissions can only be defined by authorised administrators who then invite users.

This along with our controlled access to our support software ensures we have acute control over management access.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Alcumus ISOQAR
ISO/IEC 27001 accreditation date 18/01/2019
What the ISO/IEC 27001 doesn’t cover Nothing
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials Plus

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We conform to ISO/IEC 27001:2013 information security standard which forms the basis of our Information Security Policy distributed and signed by all our employees and forms the basis of our formal accreditation of Cyber Essentials Plus. This forms an end-to-end process and along with risk identification and mitigation, provides appropriate controls over human resource (before, during and after employment), asset management, access control, operational controls and segregation of duties, communications, infrastructure security along with the system development and maintenance. This security policy is critical to the operational security and thereby provides a framework to for vulnerability management, protective monitoring, incident management and configuration and change management.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach All of our services and their components are tracked through their lifetime and monitored for change or impacts on security or data degradation. When change is required, our change management or development procedure is activated. All changes and developments are built in a separate, mirrored development environment, unit and load tested in a UAT environment, training (where required) is delivered in a training environment and finally changes and developments are merged into a live production environment.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Regular security reviews are undertaken through manual IT Health Checks and Penetration Tests, and automated vulnerability scanning of the application infrastructure and code base confirming to CESG CHECK, CREST, ISO/IEC 27001:2013, Cyber Essentials Plus and OWASP standards for web applications and adhere to applicable legal, statutory and regulatory compliance obligations. Active management of new threats, vulnerabilities or exploitation techniques are critical to the service we offer and our partner provides instant access to new threats and vulnerabilities, providing appropriate severity and risk profile and necessary changes are managed via the strict change control processes and patches deployed within 4 hours.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Our service operates and is managed securely in order to impede, detect or prevent attacks. This is application led in UX design and functional processes, along with active monitoring of system load with full audit logging and system-wide email triggers to identify suspicious activity. These events are monitored real-time and alerts raised from the system directly and via email, along with monitoring by our highly experienced application and infrastructure support teams. Potential compromises will be logged as Priority 1 tickets in our support desk system available 24/7/365 and usually responded to within 15 minutes and solved within 1 hour.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Pre-defined incident management processes are in place for the service and are actively deployed in response to security incidents. Incidents can be raised via the proactive monitoring processes, or directly from clients, partners or the system users using in-app messaging or directly via email to our support desk. The issue will be logged and prioritised accordingly with escalation internally, or to third parties (i.e. hosting provider) as required to ensure the incident is dealt with appropriately and in a timely manner in line with SLA and ensuring actions pursuant to the issue maintain data integrity.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £0.55 to £3.85 per unit per hour
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑