Crown Computing Limited

Crown Workforce Management Suite

This suite enables organisations to maximise their investment in their people, providing comprehensive Workforce Management functions comprising HR management, time & attendance and absence management, employee staff rostering and activity management. The solution includes interfaces to all popular payrolls and enterprise ERP solutions, along with standardised migration and installation facilities.

Features

  • Microsoft Azure Cloud, HR and workforce management (WFM) suite
  • Real-time management; time & attendance, HR, resource rostering, activities
  • Real-time visibility; attendance, sickness, leave, flexible working, employee utilisation
  • Versatile resource planning with shift optimisation for enhanced efficiency
  • Core organisational HR management with user defined biographical information
  • Management of HR employment terms; events, disciplinary, appraisals, grievance
  • Provides diary, alerts, task and workflow automation
  • Resource scheduling, e-rostering, workforce shift pattern and rota management
  • Business analytics providing visibility for insightful view of KPIs
  • Device agnostic Employee Self-Service for Android, Apple and Windows

Benefits

  • Single integrated overview of employee and workforce management data
  • Organisational control of employee events, roster and task management
  • Published resource deployment; right resource, right place, right time
  • Improved cost control, overtime management with seamless payroll link
  • Detailed utilisation visibility at a local and enterprise level
  • Realtime online visibility of resource/employee status, including skill base
  • Improved communication channels and shift notification with Employee Self-Service
  • Delivers meaningful analytical information to managers at all levels
  • Scalable, enterprise COTS solution with highly flexible configuration capability
  • Proven integrations; Oracle EBS, Microsoft Dynamics, SAP & more

Pricing

£3.04 to £6.19 a unit a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Mike.Hawkesford@CrownWFM.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

170028652466083

Contact

Crown Computing Limited
Mike Hawkesford
Telephone: 01827 309800
Email: Mike.Hawkesford@CrownWFM.com

Service scope

Software add-on or extension
No
Cloud deployment model
Hybrid cloud
Service constraints
Crown will on an occasional basis plan system maintenance and upgrades, which will be agreed with the customer in advance.
System requirements
  • Good quality Internet connectivity, typically broadband or fibre
  • Web browsers supporting a minimum of TLS 1.2

User support

Email or online ticketing support
Email or online ticketing
Support response times
Crown aims to respond to support queries within 2 working hours during standard support hours (08:30 to 17:30 Monday to Friday excluding English Bank Holidays).
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
The Customer Support Desk is available from 08:30 hrs to 17:30 hrs Monday to Friday excluding Bank Holidays. Support may be provided outside these hours by prior arrangement.
All support requests will be logged and assigned one of 3 severity levels - 1=Critical, 2=Urgent and 3=Minor.
Costs of support service are included in the prices shown in the G-Cloud 13 Pricing Document.
Crown does not need to assign dedicated technical account managers or cloud support engineers, as the Crown support staff are trained to handle technical issues relating to the application software and cloud platform.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
TBA
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
On completion of the contract service period, or on termination under the agreed contract terms (subject to the minimum period), the offboarding process is as follows:

1) All User Access to the Service will be terminated
2) The database will be backed up (Termination Backup) and this backup will be provided to the buyer
3) The Termination of Service Backup will be held securely for a maximum of one month or until the buyer confirms receipt of the database, whichever is the shorter period
4) All copies of Backups held by Crown will be destroyed
End-of-contract process
At the end of the contract period, the buyer’s right to access the service will cease and the subscription payments will stop, as per the call-off agreement.

Included in the price of the contract are rights to access the software, software maintenance and technical support, cloud hosting and application management. In addition to the monthly subscription, there are additional costs for implementation and training services, which are estimated in the G-Cloud 13 Pricing Document.

Data collection devices for capturing time and attendance data and any desktop or mobile technology used for accessing the system are not included in the costs. Provision of clocking devices can be included at an additional cost.

Ad hoc consultancy services are available at an additional cost at a fixed daily rate.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The employee self-service (ESS) application is optimised for use on desktop and tablet devices.
The optional Crown Mobile module is specifically designed for use on mobile phones by employees.
Service interface
Yes
User support accessibility
None or don’t know
Description of service interface
The system has web interfaces through which employees, including managers and administrators, can access the system.

Depending on their access level, employees will be able to access self-service functions (such as absence registration and activity booking) or manager functions (such as absence approvals and exception handling).
Accessibility standards
None or don’t know
Description of accessibility
The system provides functions that are used for managing employees and accessing self-service data. There are options with different colour schemes (such as high contrast screens for visually-impaired users) which can be set at a user level. Screens can also be zoomed to make them easier to read for certain types of user.
Accessibility testing
Crown has not yet completed formal interface testing with users of assistive technology. However, its existing customer base includes visually-impaired users using assistive software technologies.
API
Yes
What users can and can't do using the API
A variety of data input and output functions are available via a web service, which can be set up via either .csv or web service transactions. These include Absence Registration, Time & Attendance Clocking, Activity Time Booking and Entitlement and Flexi Balance Enquiries.
In addition, a standard import transaction is available which can be used to import on a suite of over 50 API library transactions.

As the API services are flexible, they can be modified by users, but only subject to appropriate access profiles and to the security constraints on the system. Crown can also provide expert services to support customers in extracting and importing data via the APIs, at an additional consulting cost.

Full documentation on these APIs can be provided on request under Non-Disclosure Agreement.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
No

Scaling

Independence of resources
Each customer system exists as a distinct tenant in a virtual private cloud with dedicated resources, isolated from systems used by other customers. As a result, each customer system is not impacted by other users.

Analytics

Service usage metrics
Yes
Metrics types
Service reports include availability, performance, and system patching metrics.

Other application usage reports are available in the system, which are accessible by the customer.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Microsoft Azure cloud subscription, included as part of the service.

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
Less than once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Crown Systems Integration team and the customer will create a requirements definition document which includes the detailed content and format of each extract dataset, as well as file transport and communication requirements.

Most frequently, output files are written to pre-determined shared folders. File naming is configurable and can contain run-specific values such as system date and time.

Output can also be directed for consumption by external web services, or processed by integration middleware products.

After initial definition, export processing can be configured to be automated by scheduled jobs, or initiated by manual request.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The Crown service is implemented over the Microsoft Azure cloud platform, providing the guaranteed availability within that platform.

In a standard configuration, the virtual servers use premium SSD storage for all operating system & data disks, and VPN connectivity. All these service elements are guaranteed to deliver monthly uptime of 99.9% excluding maintenance and planned downtimes. The application also uses the DNS service which is guaranteed to respond to requests at least 99.99% of the time.

The system can also be optionally configured and installed in a Higher Availability and multi-site Disaster Recovery configuration for special requirements. Crown will provide quotes for such special configuration on request.
Approach to resilience
The Crown service is implemented on virtualised infrastructure provided by the Microsoft Azure cloud platform with self-healing automatic recovery capability.

Virtual Machines and the Hypervisor physical hosts are monitored and managed by a Fabric Controller (FC), which can detect failures in 2 modes: Reactive and Proactive. If the FC detects failures in reactive mode (missing heartbeats) or proactive mode (known situations leading to a failure) from a VM or a hypervisor host, it will initiate a recovery by redeploying the VM on a healthy host (same host or another host), marking the failed resource as unhealthy and removing it from the rotation for further diagnosis.

Similarly, data is replicated in three separate instances within the data centre, protecting against failures of one or two replicas. To ensure that three replicas are always maintained, Azure Storage automatically spawns a new copy of the data in the background if one of the three copies becomes unavailable.

In addition to the resilience provided by the underlying infrastructure, the Crown solution also includes backup of the production databases, files, and application configuration to enable easy recovery from data loss.
Outage reporting
The Crown service is implemented in an environment that constantly monitors the performance, health, and availability of the infrastructure and applications. Many component level outages are automatically rectified by the automated service healing mechanisms.

Azure Service Health provides a dashboard to track active events like ongoing service issues, upcoming planned maintenance, or relevant health advisories.

The Crown solution is configured to create and manage service health alerts which proactively report when service issues are affecting specified installations.

Service health alerts and reports can be sent to designated receivers via a number of channels including SMS, email, and Webhooks.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Restriction of access for management and support channels is implemented by a segregation of duties. For example, a system administrator of our hosting services team will have no access to the customer system or database contents.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Lloyd's Register
ISO/IEC 27001 accreditation date
07/08/2018
What the ISO/IEC 27001 doesn’t cover
The ISO27001 certification covers all aspects of Crown Computing with no exclusions.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Crown has an information security process to protect the data of our customers. This is aligned with the UK Government NCSC cloud security principles.

Access to the Hosted system is limited to authorised staff assigned to providing the Managed Hosted Services, with access through specific password controlled Profiles. The customer would have the right to undertake an audit of the security arrangements around the Hosting and Managed Hosting Services.

All staff assigned will be named and will be available for the Customer to undertake security reviews with. Crown employees are contractually required to comply with a number of Company processes and procedures, including Company Rules, the IT Code of Practice and the Employee Handbook, which are designed to protect the business, our Customers and employees. Areas/topics covered by some of these policies & procedures include Confidential Information, Handling Customer data, Email & Internet Policies, Passwords, Network Security, Virus Control, Media Security and Social Media. All employees are aware of their responsibilities and that breaches of these policies are handled under the Disciplinary & Dismissal procedure.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Crown has its own change management process. This ensures each software change is assessed, prioritised and defined before being scheduled into our release plan.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Vulnerability management in the Crown solution is built upon the threat management capabilities provided by Microsoft Azure, which includes protection from both malicious software and attacks against systems and networks.

The Crown solution deploys Microsoft Antimalware for Azure, providing real-time protection; scheduled scanning; malware remediation; automatic updates to antimalware engine, platform, and signatures; active threat metadata reporting; and event collection and logging.

The solution is also protected against network-layer high-volume denial-of-service attacks by continuous monitoring and penetration-testing processes in Azure. This includes detection and mitigation techniques such as SYN cookies, rate limiting, and connection limits.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Protective monitoring is provided through Azure security health monitoring service.
Security policies are established for the installation, which will be used to monitor the system to automatically collect, analyse, and integrate with log data from anti-malware programs and firewalls. When threats are detected, a security alert is created and processed through the incident management process.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
The Crown system takes advantage of the Azure Security Incident Response process, a part of the overall Azure incident management plan. This involves a 5-step incident response process:
- Detection of incident, originating from automated monitoring systems, or reported by phone, email, or web
- Assessment of impact and severity of incident
- Diagnosis, involving technical or forensic investigation as well as identifying mitigation
- Stabilisation and recovery through containment
- Close and post-mortem review
The incident will be tracked and managed by designated incident managers who will have responsibility to track, coordinate investigation and mitigation, and report.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

In support of the combat against climate change and working towards net-zero greenhouse gas emissions, Crown has adopted complementary policies of reduced travel, enhanced remote working for all staff, and enhanced remote support for its customers.

Crown policies encourage travel to be limited to essential purposes. When travel is required, Crown also encourages the use of low-carbon options such as electric/hybrid cars, and train travel in preference to air travel. Crown has also installed charging facilities on its premises to support the transition to electric vehicles.

Further, a key feature of the Crown G-Cloud solution is its ability to facilitate both remote and home working for its customers. Their employees can take advantage of flexible and home working without loss of effectiveness, thereby reducing their carbon footprint. Crown itself implements its solution for its own use and the benefit of its employees.

Crown has also invested significantly in processes and technologies to support remote working and collaboration for its staff. All departments in Crown are enabled to operate remotely, with virtual meeting/conferencing technologies, secure access to required documents and data, secure networking with VPN, and accredited cloud platforms.

As an extension of its support for remote working and operations, Crown also promotes the use of remote support for its customers.

The combination of these policies and their enablement allows Crown to actively contribute to combating climate change. Crown also encourages its remote working employees to adopt a low-carbon approach in their own remote working locations.

The scope of these policies covers all operations within Crown including the development, maintenance, and delivery of its G-Cloud service.

Pricing

Price
£3.04 to £6.19 a unit a month
Discount for educational organisations
No
Free trial available
No
