Cello Software Limited

tracker2 Online Paperless Leave Management and Attendance System

tracker2 Online Leave Management System is used by numerous hospitals to monitor all types of Leave (Annual, Study, Special, Sick Leave) It monitors attendance at courses, mandatory training and in-house training.
It allows for multiple levels of access. It is securely hosted on dedicated servers backed up in the UK.


  • Online Leave management, remote access,
  • Attendance record, mandatory training record, real-time analytics
  • Calendar view, multiple level of access, leave clash alert
  • Multiple types of Leave, annual, study, special, sick
  • Secure login, secure dedicated servers, secure backup
  • Real-time Overview, in-house courses attendance record
  • Financial governance and budget allocation per group of employees
  • Course evaluation analytics,
  • Local Meeting Attendance Monitoring, QR code scanning


  • Remote Leave application, multiple levels of approval,
  • All Leave recorded in one place, online flexible reports
  • Calendar view by department or section, connects the whole organisation
  • Electronic record of Leave in multiple format (xlsx, docx etc.)
  • Saves thousands of hours on paper trail
  • Secure audit trail for each application process
  • Manages financial budget allocation, up to date financial records
  • Empowers employees to exercise governance managing their own leave
  • Electronic record of in-house meetings through advance technology


£14000 per licence per year

Service documents


G-Cloud 11

Service ID

9 0 4 6 2 3 3 2 1 9 3 6 4 6 3


Cello Software Limited

Hani Zakhour

0151 348 4035


Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
Internet connection, reasonable up to date hardware, occasional service downtime for updates and maintenance.
System requirements
  • Internet or 3G/4G link
  • Works on Windows and Mac OS X platforms
  • Works on tablets, smartphones and other mobile devices
  • Requires minimum input from System administrator
  • Requires Annual support licence
  • Requires a cloud hosting (provided by Cello Software)
  • Requires a reasonable level of computer literacy

User support

Email or online ticketing support
Email or online ticketing
Support response times
1st Response is immediate, 2nd response is within 24 hours. Same response at weekend.
Support Services shall be provided only to the Client’s Systems Administrator. The Company will provide support and advice through the following channels:
1. By email/telephone during normal working hours
9.00 – 17.00 Monday-Friday excluding public holidays
2. On-line support
3. On-site visits (Chargeable)
Further details are outlined in the Service level agreement
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Contact by the Client should in the first instance be by email to support@cellosoftware.co.uk
Requests for support by the Client will be classified in the following categories:
A Urgent (Red) eg: if the server is down;
B High Priority (Amber) eg: non-server software errors;
C Medium Priority (Green) eg: problems that can wait up to 5 days for resolution;
D Low Priority (Black) eg: requests for new functionality and software upgrades.
Support available to third parties

Onboarding and offboarding

Getting started
We commence with on site training. The length of the session depends on the number of users attending. We normally train system managers and system administrators. Standard users require minimal training as the System is intuitive. User documentation is online in the form of help files which open in separate tabs. Online advice and instructions can be provided once the system is purchased.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data can be extracted via running a multitude of reports in commonly known format. This can be done on an individual basis or for an entire group or section of users.
End-of-contract process
The cost of the contract includes the import of demographic data of the users of the client organisation. It includes the first year license, support by email and for urgent matters as agreed with client by telephone. The contract price includes any updates for the year of the contract. Major updates are offered free for the remainder of the year but charged for at the anniversary of the contract.
At the end of the contract the user can either renew the contract or not renew the contract upon which the service and the access to the system is discontinued. Data will be available to extract within the period of the contract but not after the contract has finished. The client data is destroyed by Cello Software after the end of the contract.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Staff users can use mobile devices for full access of service
Admin users can use the vast majority of features on mobile devices and full features on desktop devices
Service interface
What users can and can't do using the API
Part of our software is reliant on an API technology but it is invisible to users. The service is not provided via an API
API documentation
API sandbox or test environment
Customisation available
Description of customisation
System administrators can customise access to the system. This is far too complex to describe in detail but it is extensive for the purpose of the software. Normal users must apply to System administrator for variety of customised access view, functions depending on the level they are working at.
An approver has a separate set of customised access in comparisson with a financial support individual or a section Manager, the combination is vast.


Independence of resources
The system has vast capacity, the sole limiting factor is internet speed and connectivity. Each organisation runs a separate account and therefore the strain on the system is somewhat distributed. Our largest organisation has 1400 employees. The total number of users is over 6 thousand.


Service usage metrics
Metrics types
On request at an extra cost.
Reporting types
Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
By running a report in either Standard MS Word format or Excel spreadsheet format
Data export formats
Other data export formats
  • MS word
  • MS excel
  • CSV can be reinstated currently inactive in the software
Data import formats
Other data import formats
  • MS Excel
  • CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
The buyer network is not used to store data. Our clients data are stored on a secure dedicated servers by our hosting company. All connections are standard https secure connections with the client . All files are first zipped and encrypted with a defined encrypting key before they are sent to the Backup server. The algorithm that is used to encrypt the files is Advanced Encryption Standard (AES), with 256-bit block ciphers. All communications between Backup Server and the Data Server are transported in a 128-bit SSL (Secure Socket Layer) channel.
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The Company will make all reasonable endeavours to respond to incidents as follows:
i an acknowledgement of receipt of the message within 1 working hour;
ii an initial response within 24 hours;
iii a detailed response within 48 hours from the initial response including an estimated time for fixing the problem. If no fault is found, the user will be contacted to ascertain the nature of the fault to decide whether the fault can be attributed to an element of the software or its environment.
The Company is not responsible for problems caused by matters outside its control; this includes local network problems, misuse of software, inappropriate use of the software, lack of assistance from the Client and matters of force majeure.The problem generating the support call shall be deemed resolved once the Client Systems Administrator and the Company has declared it so.
Approach to resilience
Available on request
Outage reporting
Email alerts or website news alert

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
The system is standalone. It does not curren tly interacts with other interfaces or other support channels. Access to management channels within the company is restricted to certain individuals on need to know basis.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
No audit information available
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • Cyber Security Essentials
  • GDPR compliance for data security

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
Other security governance standards
Cyber security essentials issued by IASME
Information security policies and processes
We comply with the ICO GDPR criteria for security breach reporting. The company Data Protection Officer ensures that policies are adhered to

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our software is accessed only via secure connections. Updates are tested on secure devices. Our service and support is monitored through its lifecycle. Any change to service will need to meet our security criteria and the approval of our DPO
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Any unusual activities attempts to login, visible through our log.
‘Critical’ patches are deployed within hours
‘Important’ patches are deployed within 2 weeks of a patch becoming available
‘Other’ patches are deployed within 8 weeks of a patch becoming available
This is part of our declaration for attaining the Cyber security essential level.
Information about threats is obtained from IT blogs and our antivirus software news bulletins
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Suspicious activities which appear on the log.
We investigate against records of users
We respond urgently to potential threats and incidents
Incident management type
Supplier-defined controls
Incident management approach
We have a routine reporting process, users may report by email or in major breaches they would contact us by phone. We write to our users and inform them in a report what has taken place and how we addressed the incident.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£14000 per licence per year
Discount for educational organisations
Free trial available
Description of free trial
Trial is for one day with the support of our organisation. It includes full access to the system using test data. It does not allow for unsupervised usage
Link to free trial

Service documents

Return to top ↑