Leesman Limited

Leesman Online Analytics

Our data services and research insights work together so you can give your employees an outstanding experience, wherever they work.

Features

• workplace experience insights analytics
• reporting
• remote access
• benchmarking
• sector analysis

Benefits

• greater workplace experience for employees

£9,000 a unit

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at finance@leesmanindex.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

109346255773229

Contact

Gemma Williams
02032395980
finance@leesmanindex.com

Service scope

• Service constraints: No
• System requirements: Certain browser requirements

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 2 working days
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: SLA
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: 1. Services overview; Leesman provides workplace performance benchmark analytics by collecting data from an organisation’s employees who complete a Leesman survey. This data is then presented to the client to outline how well the workplace supports its employees.; 2. Service process; Once project scope is defined, Leesman builds a survey based on the client’s specifications (department names, business units, tailored questions, etc.). Leesman then provides a link to the client for testing purposes. Once the link is approved by the client, the survey is made live and the client distributes the link to its employees, inviting them to complete the survey (approx. 11 mins). The survey is typically open for two weeks but can be extended in order to increase the response rate. Once the survey is closed, the data is available online in a permissions-controlled environment, and a full diagnostic report is created.; ; Clients are provided with a dedicated account manager, who handles the building, testing and deployment of the survey as well as coordinates the final report production, supporting the client during all phases of the project. The account manager also trains the client on the Leesman analytics system.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats:
  • .pptx
  • .word
• End-of-contract data extraction: Personal data is deleted while anonymised survey data is kept under the Benchmark. The extract, if requested, is done by someone at Leesman internally and not by the user.
• End-of-contract process: Depends on client contract

Using the service

• Web browser interface: Yes
• Using the web interface: Analytics - access is via username and password. No data change is possible - however filtering analytics is possible.
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: Screenreaders
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: Through autoscaling
• Usage notifications: No

Analytics

• Infrastructure or application metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Database
  • Data
  • Code
• Backup controls: No user control is allowed.
• Datacentre setup: Single datacentre with multiple copies
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: SLA and support are structured for a platform that is not providing a real-time, financial critical, service. Leesman provides:; ; • A 99.5% uptime to our Survey and Analytics platform hosted on AWS.; ; • Using this tool: http://www.slatools.com/sla-uptime-calculator as a benchmark: 3 hours 36 minutes monthly downtime is permittable under a 99.5% uptime benchmark: anything over this target in any given month will be considered a missed uptime target.; ; • Scheduled Downtime is not considered Downtime for purposes of the Leesman Uptime SLA and will not be counted towards any Downtime Periods. Leesman will give at least 3 days’ notice period for scheduled downtime. If a system critical fix requires downtime – Leesman will give as much notice as possible. Leesman will keep fixes outside working days and hours; as a global business, time zones may limit our ability to do this.; ; • If the SLA is missed, the first escalation point is the Account Manager and then the Client Services Team. They will then escalate internally depending on the type and severity of the issue.; ; • Telephone/email support during London office business hours, 9 am to 6 pm GMT. Telephone +44 20 3239 5980.
• Approach to resilience: Available on request
• Outage reporting: Website and email

Identity and authentication

• User authentication: Username or password
• Access restrictions in management interfaces and support channels: All management must:; • Only sponsor access requests that have:; o A documented request; o Adequate and appropriate justification, based on the requester’s business need; Access administrators must:; • Only grant access requests that have:; o A documented request; o Adequate and appropriate justification; o Documented approval from relevant personnel; ; All account, service and platform access are managed through secure authentication controls.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: CyberEssentials+
• Information security policies and processes: We have a policy tracker in place internally and a Legal Hub available on our website https://www.leesmanindex.com/legal/

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Through a standard SDLC and change management process
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Patch - see
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: AWS alerts. copy
• Incident management type: Supplier-defined controls
• Incident management approach: We have an Incident Response plan in place.; A formal and documented Incident Response Report (IRR) is to be compiled and given to management of Leesman within an acceptable timeframe following the incident. The IRR must contain the following elements (NIST, n.d.):; • Detailed description of the incident; • Response mechanisms undertaken; • Reporting activities to all relevant third parties as needed; • Recovery activities undertaken for restoring affected systems ; • A list of Lessons Learned from the incident and which initiative GPA can take to mitigate and hopefully eliminate the likelihood of future incidents

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: AWS
• How shared infrastructure is kept separate: Logical separation

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: See AWS documentation

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  From understanding the future of work and place to fuelling collaboration, chasing net zero or maximising employee wellbeing, we help leaders transform the working world.

Pricing

• Price: £9,000 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at finance@leesmanindex.com. Tell them what format you need. It will help if you say what assistive technology you use.