NEXTRASOFT LIMITED

NEXTRASOFT Workforce Management Tools

Nextra Workforce Management solutions help drive business outcomes, engage employees, control labour costs, increase productivity, and minimise compliance risk for a wide range of both Public and Private Sector Organisations. Combining integrated HR, Rostering, Scheduling, Time and Attendance, Reporting and Payroll functionality into a single end to end solution.

Features

• Human Capital Management
• Employee Rostering
• Demand Rostering
• Time and Attendance
• Recruitment
• Reporting
• Payroll
• Employee Self Service
• Absence Management
• Compliance Management including Working Time Directive and GDPR

Benefits

• Reduced and easily identified labour costs
• Reduced absence as more priority is given to staff preference
• Rapid SMS / Email resolution to cover sickness or changes
• Greater visibility of leave booking and absence management trends
• Options for easier and fairer overtime requests (via text messaging)
• Greatly reduced manager administration time
• Reduced staff costs by up to 27%
• Improved Payroll accuracy and reduced payroll queries
• Ensured compliance with WTD rules
• Improved reporting accuracy and KPI visibility

£10.00 to £100,000.00 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at richardk@nextrasoft.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

116374417331952

Contact

Richard Knight
01992 939 940
richardk@nextrasoft.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: NEXTRA will on an occasional basis plan system maintenance and upgrades, which will be notified to the customer in advance.
• System requirements:
  • Internet connectivity, typically broadband or fibre
  • IE11+, Firefox, Chrome, Safari and Edge browsers all supported

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday to Friday 9am - 5.30pm
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Priority level 1 (Complete Failure) An event that could significantly impact the Customer’s business operation, including but not limited to anything that could lead to a loss of revenue (e.g.: complete failure to access software). It includes failure, corruption, severe performance degradation or non-availability of key infrastructure or a critical application which, until rectified, prevents the day to day functioning of a department or location e.g.: failure of critical servers or network where no resilience or failure exists, critical application back up failure, major security breaches or virus alerts; Priority level 2 (High) - An incident that has a major business impact and/or affects a number of users. It includes application or infrastructure failure affecting small groups of users within a department or location, resulting in them being unable to continue with day to day work e.g.: broken site links, back up failure or escalation of individual user incident (where authorised); Priority level 3 (Medium) - An incident that has a minor business impact. It includes failure or corruption of hardware or application, which until rectified, causes serious inconvenience and prevents an individual user from continuing with day to day work e.g.: password or log in failure
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Full onsite training is provided in a train the trainer capacity. Fully ; customised documentation and training materials are provided
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: WORD
• End-of-contract data extraction: 1) All User Access to the Service will be terminated ; 2) The database will be backed up and this backup will be provided to the client; 3) The Termination of Service Backup will be held securely for a maximum of one month or until the client confirms receipt of the database, whichever is the shorter period ; 4) All copies of Backups held by NEXTRA will be destroyed
• End-of-contract process: End-of-contract process. At the end of the contract period, the buyers right to access the service will cease and the subscription payments will stop, as per the call-off agreement.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The product is designed from the ground up to be optimised for mobile devices, whilst still providing the same user experience regardless of device. The software automatically recognises the capabilities of the browser and device being used and re-scales the user interface accordingly to show the most important information whilst still providing a drill down function to access the full data.
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: Yes
• What users can and can't do using the API: The standard API allows access to the full range of staff personal data and their associated shifts, clockings and timesheets. Access to any other data is available on request as is the option to update data within the system via API
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Options exist in the product for updating many options including absence types, system labels, branding, access to enabling functionality for various user types and access to over 50 other tuneable system parameters.

Scaling

• Independence of resources: Independence of resources - Each client system exists as a virtual private cloud with dedicated resources, totally isolated from systems used by other customers. As a result each customer system is not impacted by other users.

Analytics

• Service usage metrics: Yes
• Metrics types: The system supports a full range of user analytics, including all user log ins and access to user tiles such as "my roster" and "my messages". If required however access to all system functionality can be logged and audited if required.
• Reporting types:
  • API access
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: NEXTRA's implementation team will work with the customer to create a requirements document. In this document the integration team will specify the detailed content and format of each extract dataset, along with any file transport and communication requirements. NEXTRA will provide full documentation describing the steps necessary to install the product and any customer specific development.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: 99.99% availability is available for hosted clients. Clients will be refunded a percentage of their hosting fee for periods of unavailability up to the full month's hosting fee.
• Approach to resilience: The service is designed from the ground up to be resilient. Hosted client's infrastructures use multiple resilient web servers protected and managed by a load-balancer. The hosted service can be provided with an optional disaster-recovery service. This service can either by enabled by the client or in collaboration with NEXTRA's technical services. Switch back from disaster recovery takes approximately 1 hour. All systems are backup up to off-site daily
• Outage reporting: Hosted clients are notified about service outages using email or by telephone.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access to management interfaces and support channels is restricted through a combination of username and passwords, multi-factor authentication, firewalls, IP restrictions and network port restrictions as appropriate.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: Actively in progress
• What the ISO/IEC 27001 doesn’t cover: The ISO certification will cover the full product including all development, deployment and hosting processes
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO 27001 - Details to be updated

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All product upgrades and developments are managed using a comprehensive process of design documents leading to technical specifications, product build and final deployment documentation. ; ; All product developments are supported by a comprehensive testing programme that must be fully passed before deployment.; ; All software developments must also be reviewed by the senior technical team to ensure that product developments comply with company technical and security standards.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Potential threats are assessed through a process of constant development and research into the latest browser and website vulnerabilities. Once identified, patches are developed extremely as a matter of the highest priority and can be deployed to potentially affected clients within hours.; ; Knowledge of threats are harvested from hosting partners, Microsoft's security bulletins and general web browsing.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: NEXTRA utilises real-time protective monitoring of hosted systems to detect system, data violations or suspicious activity. The system utilises automatic black-listing of IP addresses of users demonstrating suspicious behaviour and these are raised as security alerts to the customer, together with recommended actions.
• Incident management type: Supplier-defined controls
• Incident management approach: NEXTRA has created a bespoke online support system for managing client support tickets. Clients can raise support tickets quickly online and all subsequent updates are managed through the same portal. Should additional information be required, our support helpdesk will contact the client to talk through their issue and recommend the appropriate process to resolve any issues. All tickets once closed are available for clients to review as required. The portal also includes access to all product documentation and FAQ's.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Fighting climate change:

  Fighting climate change

  We recognize our responsibility to help protect the planet. We are committed to minimizing the impact our firm has on the environment; and supporting those who are working to improve global environmental sustainability. Our environmental strategy seeks to address greenhouse-gas (GHG) ; emissions and waste across our entire operation as we strive to continually strengthen our environmental practices. ; We will comply with all applicable environmental laws and regulations.
• Equal opportunity:

  Equal opportunity

  The Company is fully committed to providing a good and harmonious working environment that offers equal treatment and equal opportunities for all employees and where every employee is treated with respect and dignity. The Company's aim is that remuneration, recruitment, promotion and retention should not be affected by irrelevant considerations and stereotyping.; The Company recognises that the provision of equal opportunities in the workplace is not only good management practice, it also makes sound business sense. The Company's equal opportunities policy will help all employees develop their full potential and the talents and resources of the workforce will be fully utilised to maximise the efficiency of the organisation.; Whilst the Company recognises that the overall responsibility for the effective operation of this policy lies with the Board of Directors, all employees, whatever their position within the Company, have some measure of responsibility for ensuring its effective implementation in their day to day activities and working relationships with colleagues.
• Wellbeing:

  Wellbeing

  NEXTRASOFT is committed to providing a healthy working environment and improving the quality of working lives for all staff. The wellbeing strategy aims to support the Company's mission and core values of freedom of thought and expression, freedom from discrimination and the recognition that the Company’s staff are its greatest asset.; NEXTRASOFT aim to create an environment to promote a state of contentment which allows an employee to flourish and achieve their full potential for the benefit of themselves and their organisation.; Through the integration of wellbeing in all work activities and practices, a positive environment can be created that is compatible with promoting staff engagement, performance and achievement. Working in partnership with all areas of the Company with a common interest in promoting a culture of wellbeing is key to the success of this strategy.; The wellbeing strategy’s ultimate goal is to improve the health, safety and wellbeing of NEXTRASOFT staff and to prevent work associated ill health, for the overall benefit of staff and the organisation. This encompasses the physical, mental and social health of employees and recognises that employees’ values, personal development and work within the University contribute to their overall wellbeing at work.; This action plan has been developed using CIPD’s five recognised domains of wellbeing, namely: health, work, values/principles, collective/social and personal growth.

Pricing

• Price: £10.00 to £100,000.00 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at richardk@nextrasoft.com. Tell them what format you need. It will help if you say what assistive technology you use.