Skip to main content

Help us improve the Digital Marketplace - send your feedback

CHR Solutions Limited

Talent Platform

CHR Solutions provides an integrated cloud platform product for managing talent in your organisation. It connects with existing department systems and workflows to provide a rich feature set covering the staff user journey through recruitment, workforce planning, apprenticeships, team collaboration, communities of practice and digital learning.

Features

  • Manage job families, roles, titles and vacancies
  • Collaborate and manage advertising campaigns
  • Collaborate and manage recruitment events, assess and appoint candidates
  • Manage staff onboarding, probations and apprenticeships
  • Manage coaching plans and periodic reviews
  • Manage workforce planning and skills gap analysis
  • Promote learning through online courses, training and learning pathways
  • Managing apprenticeships, staff promotions and career pathways
  • Collaborate through communities of practice and staff teams
  • Manage offboarding processes and staff feedback

Benefits

  • Reassurance – market leader of learning and workflow solutions
  • Versatility – scalable L&D services in wide range of formats
  • Flexible – friendly and experienced support teams working with you
  • Expertise – implementation, training, legalities, data security and privacy
  • Performance – remove manual tasks and boost collaboration
  • Secure – end-to-end control of data
  • Reliability - Service available at least 99.5%, 24/7/365
  • Client control – add your own content, features and branding
  • Bespoke – customised learning and development solutions

Pricing

£250,000 an instance a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lawrencelongstaff@chrsolutions.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

1 2 2 3 2 5 1 3 1 2 6 1 2 8 6

Contact

CHR Solutions Limited Lawrence Longstaff
Telephone: 07957231199
Email: lawrencelongstaff@chrsolutions.co.uk

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
HR Management Systems
Employee Benefits Systems
Talent Management Systems
Other internal organisational systems
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
Technical support is available between 8.30 am and 5.30 pm Monday to Friday. Outside of these times support requests can be logged 24x7 via email. Requests will be prioritised as required during business hours and an anticipated turnaround time provided on a per case basis.

It supports the latest stable releases of Microsoft Edge, Chrome, Firefox and Safari. It is accessible on any device with the latest stable releases of iOS and Android with a modern browser.
System requirements
Cloud-based

User support

Email or online ticketing support
Email or online ticketing
Support response times
0-8 hours (during business hours) for issues classified as high priority.
48 hours for issues classified as medium priority.
5 working days for issues classified as low priority.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
High priority: Loss of access for all users or loss of data will be dealt with immediately. Initial contact will be with your dedicated account manager who will escalate to the Technical Director as required. Our service is monitored 24 x 7 and automated alerts issued to key personnel as soon as service degradation is detected.

Medium priority: Data requests or bugs impacting low numbers of users will be acknowledged within 4 working business hours. Your dedicated account manager will proactively keep you updated.

Low priority: Low level bugs such as cosmetic or browser specific problems will be acknowledged within 4 working business hours with an ETA provided by your account manager.
Support available to third parties
No

Onboarding and offboarding

Getting started
Online training and documentation
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
User data can be exported via CSV and uploaded to a new system.
End-of-contract process
All access is revoked after the end of the contract, all negotiations about renewal of contract will happen before the end date. The data is maintained for 30 days after the end of the contract to comply with our Disaster Recovery Policy.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
Our Toolkit is an online provision of over 100 features and numerous dashboards which support a connected journey through our three main topic headings: Talent Management, Workforce Planning, and Learning Management.

Our platform is fully responsive – offering a consistently excellent user experience on any device with a modern browser, meaning staff are able to access the resources wherever and whenever they need it.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
We have technology that tests and provides reports on our accessibility compliance
API
Yes
What users can and can't do using the API
Users cannot make changes to the API
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The platform can be customised in many levels:
Logo
Favicon
Mobile tile
Colour scheme
Playlists
Contents in general
Support contact
Phone number

Scaling

Independence of resources
Our service should be available at least 99.5% of the time on a 24/7/365 basis.

We use cloud technology to scale resources up or down based on demand

Analytics

Service usage metrics
Yes
Metrics types
In a determined period of time, the manager can see and download:
Active Users
New Users
Total Time Spent in Resources
Usage (Total View) by Date
Resources Accessed by user, date and topic

Usage (Total View) by Date
Resources Accessed by user, date and topic.
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
By Excel from within the system
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
We transmit data via HTTPS and use RSA 2048 bits / SHA256 with RSA TLS 1.2 for message encryption
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
We transmit data via HTTPS and use RSA 2048 bits / SHA256 with RSA TLS 1.2 for message encryption.

Availability and resilience

Guaranteed availability
Our Service should be available at least 99.5% of the time on a 24/7/365 basis.
Approach to resilience
Our platform architecture is deployed by leveraging AWS features. Critical platform components are replicated across multiple AWS Availability Zones, each of them designed as an independent failure zone. All data centres are online and serving customers. No datacentre is "cold". In case of failure, automated processes move customer data traffic away from the affected area. Each availability zone is designed as an independent failure zone.
We leverage this capability by balancing the architecture components between two Availability Zones to keep the system operational even if one stops working.
In case of a failure, the DNS is configured to exclude the unhealthy services from the pool of available services and redirect the traffic to the operational Availability Zone. To cover the increase of traffic in the new zone, the automatic scalability process will begin creating the extra resources needed to keep the service at an acceptable response level. Once the original Zone is back online, the operation team follows a standard procedure to remove the old services that are out of sync. They will then recreate the needed system and link this with the other Zone. The traffic will then start flowing into the original data centre.
Outage reporting
We have a monitoring team available 24/7.
The alerts triggered by high level issues come via Slack, Email and automated phone calls.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
Access restrictions in management interfaces and support channels
Minimum access is granted.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Description of management access authentication
2FA is enabled to any database or webservice associated with management of the service.
Access to our internal management application is only possible via SSO.
Any patches or changes are only allowed if connected to the VPN with individual and timestamped credentials.

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Provided by a participating learning organisation with support from Account Manager.
Information security policies and processes
Policies are reviewed on at least an annual basis.
Procedures have been established in order to set basic rules for building security into the entire HR process to ensure that policies and procedures are in place to address security issues. Our Employee Handbook contains specific guidance about home working, data protection, information security policy, access control, acceptable use, virus prevention and system security, intrusion detection, remote access, server security, etc.
Personnel are required to complete security awareness training.
Staff are required to undertake compliance training on an annual basis.
All contractors have to sign a written contract we have in place and we hold regular meetings with them to ensure all contractual obligations are being met.
We ensure that all third parties adhere to our policies, as do internal core employees, and adopt the same level of control, audit capability and industry certification. They are all governed by a GDPR compliant data protection contract.
Minimum access required is practised, and all access is monitored and recorded to an individual.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
A systematic approach is applied to managing change and ensuring that changes to customer-impacting aspects of any functionality are reviewed, tested and approved. Change management standards are based on established guidelines and tailored to the specifics of each change request. Program change documents and security best practices are documented on Wiki and Jira.
The development environments are accessed only by authorised developers and the testing environments are separated from the production environments.
Changes are tested according to established Change Management standards prior to migration to production.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We use a system called Data Dog for the following: Security Analytics (siem), Intrusion Detection (conjunction with ossec), Log Data Analysis, File Integrity Monitoring, Vulnerability Detection, Regulatory Compliance (such as GPDR and PCI/DSS) .
In the event that a potential or actual breach is detected the task to identify the cause and remediate the breach is worked immediately. If such action involves patching, patches are tested and evaluated before they are installed to ensure they are effective and do not result in side effects that cannot be tolerated
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Continuous monitoring is performed for recommended critical patches and upgrades in order to mitigate risks resulting from exploitation of published vulnerabilities. Any detected security vulnerability is triaged and remediations are prioritised above and beyond to CVSS score depending on several other factors such as exploit availability, malware availability, social media activity, affected assets value etc.
We perform vulnerability scans every month and whenever a major change is made.
Alerts for high risk processing are monitored in real time and anomalies are followed up immediately.
We have documented and maintained threat and vulnerability management policies and procedures.
Incident management type
Supplier-defined controls
Incident management approach
Documented policies and procedures for reporting security, availability and confidentiality incidents are in place for identifying, acting upon and reporting failures, incidents and other security concerns. Incidents are logged within a ticketing system, assigned severity rating and tracked to resolution. An Information Security Incident Response Team (ISIRT) is in charge for the response and mitigation activities and escalation of incidents.

Clients will be notified immediately of the discovery of a security breach or data loss incident and all corrective actions will be communicated and shared with client council. Any preventative controls will be agreed with client council.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

We have set up a team responsible for identifying opportunities to tackle climate change and recycling policies.

Covid-19 recovery

Our Coronavirus Advice Team coordinates all internal efforts to recover from the pandemic, including setting direction on travel policies, office working, etc

Tackling economic inequality

Charity activities planning is performed twice annually where we look to contribute to several charity organisations that add value to society and target economic inequality. All staff are able to nominate and vote on contributions.

Equal opportunity

We adopt fair employment practices including an anonymised application process whereby hiring managers shortlist based on applications with no personal information, just employment history and skills/responsibilities. We also offer: clear flexible working policy and process; enhanced maternity, paternity and adoption leave; flexible approach to home and office-based working.

Wellbeing

Social and wellbeing check-ins are offered to all staff members.

Pricing

Price
£250,000 an instance a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lawrencelongstaff@chrsolutions.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.