Talent Platform
CHR Solutions provides an integrated cloud platform product for managing talent in your organisation. It connects with existing department systems and workflows to provide a rich feature set covering the staff user journey through recruitment, workforce planning, apprenticeships, team collaboration, communities of practice and digital learning.
Features
- Manage job families, roles, titles and vacancies
- Collaborate and manage advertising campaigns
- Collaborate and manage recruitment events, assess and appoint candidates
- Manage staff onboarding, probations and apprenticeships
- Manage coaching plans and periodic reviews
- Manage workforce planning and skills gap analysis
- Promote learning through online courses, training and learning pathways
- Managing apprenticeships, staff promotions and career pathways
- Collaborate through communities of practice and staff teams
- Manage offboarding processes and staff feedback
Benefits
- Reassurance – market leader of learning and workflow solutions
- Versatility – scalable L&D services in wide range of formats
- Flexible – friendly and experienced support teams working with you
- Expertise – implementation, training, legalities, data security and privacy
- Performance – remove manual tasks and boost collaboration
- Secure – end-to-end control of data
- Reliability - Service available at least 99.5%, 24/7/365
- Client control – add your own content, features and branding
- Bespoke – customised learning and development solutions
Pricing
£250,000 an instance a year
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
1 2 2 3 2 5 1 3 1 2 6 1 2 8 6
Contact
CHR Solutions Limited
Lawrence Longstaff
Telephone: 07957231199
Email: lawrencelongstaff@chrsolutions.co.uk
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
-
HR Management Systems
Employee Benefits Systems
Talent Management Systems
Other internal organisational systems - Cloud deployment model
-
- Public cloud
- Private cloud
- Service constraints
-
Technical support is available between 8.30 am and 5.30 pm Monday to Friday. Outside of these times support requests can be logged 24x7 via email. Requests will be prioritised as required during business hours and an anticipated turnaround time provided on a per case basis.
It supports the latest stable releases of Microsoft Edge, Chrome, Firefox and Safari. It is accessible on any device with the latest stable releases of iOS and Android with a modern browser. - System requirements
- Cloud-based
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
0-8 hours (during business hours) for issues classified as high priority.
48 hours for issues classified as medium priority.
5 working days for issues classified as low priority. - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
High priority: Loss of access for all users or loss of data will be dealt with immediately. Initial contact will be with your dedicated account manager who will escalate to the Technical Director as required. Our service is monitored 24 x 7 and automated alerts issued to key personnel as soon as service degradation is detected.
Medium priority: Data requests or bugs impacting low numbers of users will be acknowledged within 4 working business hours. Your dedicated account manager will proactively keep you updated.
Low priority: Low level bugs such as cosmetic or browser specific problems will be acknowledged within 4 working business hours with an ETA provided by your account manager. - Support available to third parties
- No
Onboarding and offboarding
- Getting started
- Online training and documentation
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- User data can be exported via CSV and uploaded to a new system.
- End-of-contract process
- All access is revoked after the end of the contract, all negotiations about renewal of contract will happen before the end date. The data is maintained for 30 days after the end of the contract to comply with our Disaster Recovery Policy.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- None
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
-
Our Toolkit is an online provision of over 100 features and numerous dashboards which support a connected journey through our three main topic headings: Talent Management, Workforce Planning, and Learning Management.
Our platform is fully responsive – offering a consistently excellent user experience on any device with a modern browser, meaning staff are able to access the resources wherever and whenever they need it. - Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- We have technology that tests and provides reports on our accessibility compliance
- API
- Yes
- What users can and can't do using the API
- Users cannot make changes to the API
- API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
The platform can be customised in many levels:
Logo
Favicon
Mobile tile
Colour scheme
Playlists
Contents in general
Support contact
Phone number
Scaling
- Independence of resources
-
Our service should be available at least 99.5% of the time on a 24/7/365 basis.
We use cloud technology to scale resources up or down based on demand
Analytics
- Service usage metrics
- Yes
- Metrics types
-
In a determined period of time, the manager can see and download:
Active Users
New Users
Total Time Spent in Resources
Usage (Total View) by Date
Resources Accessed by user, date and topic
Usage (Total View) by Date
Resources Accessed by user, date and topic. - Reporting types
- Real-time dashboards
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- By Excel from within the system
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- Other
- Other protection between networks
- We transmit data via HTTPS and use RSA 2048 bits / SHA256 with RSA TLS 1.2 for message encryption
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- Other
- Other protection within supplier network
- We transmit data via HTTPS and use RSA 2048 bits / SHA256 with RSA TLS 1.2 for message encryption.
Availability and resilience
- Guaranteed availability
- Our Service should be available at least 99.5% of the time on a 24/7/365 basis.
- Approach to resilience
-
Our platform architecture is deployed by leveraging AWS features. Critical platform components are replicated across multiple AWS Availability Zones, each of them designed as an independent failure zone. All data centres are online and serving customers. No datacentre is "cold". In case of failure, automated processes move customer data traffic away from the affected area. Each availability zone is designed as an independent failure zone.
We leverage this capability by balancing the architecture components between two Availability Zones to keep the system operational even if one stops working.
In case of a failure, the DNS is configured to exclude the unhealthy services from the pool of available services and redirect the traffic to the operational Availability Zone. To cover the increase of traffic in the new zone, the automatic scalability process will begin creating the extra resources needed to keep the service at an acceptable response level. Once the original Zone is back online, the operation team follows a standard procedure to remove the old services that are out of sync. They will then recreate the needed system and link this with the other Zone. The traffic will then start flowing into the original data centre. - Outage reporting
-
We have a monitoring team available 24/7.
The alerts triggered by high level issues come via Slack, Email and automated phone calls.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Access restrictions in management interfaces and support channels
- Minimum access is granted.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Dedicated link (for example VPN)
- Username or password
- Other
- Description of management access authentication
-
2FA is enabled to any database or webservice associated with management of the service.
Access to our internal management application is only possible via SSO.
Any patches or changes are only allowed if connected to the VPN with individual and timestamped credentials.
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- Other
- Other security governance standards
- Provided by a participating learning organisation with support from Account Manager.
- Information security policies and processes
-
Policies are reviewed on at least an annual basis.
Procedures have been established in order to set basic rules for building security into the entire HR process to ensure that policies and procedures are in place to address security issues. Our Employee Handbook contains specific guidance about home working, data protection, information security policy, access control, acceptable use, virus prevention and system security, intrusion detection, remote access, server security, etc.
Personnel are required to complete security awareness training.
Staff are required to undertake compliance training on an annual basis.
All contractors have to sign a written contract we have in place and we hold regular meetings with them to ensure all contractual obligations are being met.
We ensure that all third parties adhere to our policies, as do internal core employees, and adopt the same level of control, audit capability and industry certification. They are all governed by a GDPR compliant data protection contract.
Minimum access required is practised, and all access is monitored and recorded to an individual.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
A systematic approach is applied to managing change and ensuring that changes to customer-impacting aspects of any functionality are reviewed, tested and approved. Change management standards are based on established guidelines and tailored to the specifics of each change request. Program change documents and security best practices are documented on Wiki and Jira.
The development environments are accessed only by authorised developers and the testing environments are separated from the production environments.
Changes are tested according to established Change Management standards prior to migration to production. - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
We use a system called Data Dog for the following: Security Analytics (siem), Intrusion Detection (conjunction with ossec), Log Data Analysis, File Integrity Monitoring, Vulnerability Detection, Regulatory Compliance (such as GPDR and PCI/DSS) .
In the event that a potential or actual breach is detected the task to identify the cause and remediate the breach is worked immediately. If such action involves patching, patches are tested and evaluated before they are installed to ensure they are effective and do not result in side effects that cannot be tolerated - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Continuous monitoring is performed for recommended critical patches and upgrades in order to mitigate risks resulting from exploitation of published vulnerabilities. Any detected security vulnerability is triaged and remediations are prioritised above and beyond to CVSS score depending on several other factors such as exploit availability, malware availability, social media activity, affected assets value etc.
We perform vulnerability scans every month and whenever a major change is made.
Alerts for high risk processing are monitored in real time and anomalies are followed up immediately.
We have documented and maintained threat and vulnerability management policies and procedures. - Incident management type
- Supplier-defined controls
- Incident management approach
-
Documented policies and procedures for reporting security, availability and confidentiality incidents are in place for identifying, acting upon and reporting failures, incidents and other security concerns. Incidents are logged within a ticketing system, assigned severity rating and tracked to resolution. An Information Security Incident Response Team (ISIRT) is in charge for the response and mitigation activities and escalation of incidents.
Clients will be notified immediately of the discovery of a security breach or data loss incident and all corrective actions will be communicated and shared with client council. Any preventative controls will be agreed with client council.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
We have set up a team responsible for identifying opportunities to tackle climate change and recycling policies.Covid-19 recovery
Our Coronavirus Advice Team coordinates all internal efforts to recover from the pandemic, including setting direction on travel policies, office working, etcTackling economic inequality
Charity activities planning is performed twice annually where we look to contribute to several charity organisations that add value to society and target economic inequality. All staff are able to nominate and vote on contributions.Equal opportunity
We adopt fair employment practices including an anonymised application process whereby hiring managers shortlist based on applications with no personal information, just employment history and skills/responsibilities. We also offer: clear flexible working policy and process; enhanced maternity, paternity and adoption leave; flexible approach to home and office-based working.Wellbeing
Social and wellbeing check-ins are offered to all staff members.
Pricing
- Price
- £250,000 an instance a year
- Discount for educational organisations
- No
- Free trial available
- No