WorkInConfidence: Surveys

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud
Service constraints: No
System requirements: Staff have internet access (PC, tablet or phone)

Browser access (Edge, Chrome, Safari, Firefox, Opera)

User support

Email or online ticketing support: Email or online ticketing
Support response times: Initial response usually within 1 business hour but always within one business day (9-5 business days).
Weekends and holidays usually picked up within 24 hrs.
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: Web chat
Web chat support availability: 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
Web chat accessibility testing: The web chat widget is Level one (A) compliant and satisfies some Level two (AA) requirements. Testing has been done on the plug in.
Onsite support: Yes, at extra cost
Support levels: We provide a single level of support for all clients which includes phone, email and online chat support.

The cost of support is included within the user licence fee with the only additional costs being any site visits requested by the client.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: When a new client starts using WorkInConfidence they are allocated an account manager who works with them through the on-boarding process to ensure a successful launch. This includes providing materials to guide them through the pre-launch process, online administration training, and marketing collateral. The client also gets access to our comprehensive online support area with resources for administrators, managers and users. The account manager then works with the client regularly post-launch to ensure that they continue to get the best out of WorkInConfidence.
Service documentation: Yes
Documentation formats: HTML

PDF
End-of-contract data extraction: All historic survey results can be extracted as .xls, .csv or in some cases as .png via the user interface.
System use metrics and reports can also be downloaded as PDF or csv.
End-of-contract process: If any organisation ceases to be a client of WorkInConfidence, we will remove all of its data and that of its staff/users within three months of their ceasing to be a client. Alternatively, the client may choose to have a paid 12 months run off period after which the data would be deleted three months post that.
Clients can access data per above.

Using the service

Web browser interface: Yes
Supported browsers: Microsoft Edge

Firefox

Chrome

Safari

Opera
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Yes the service is mobile optimised. When accessed from a mobile device (smartphone or tablet) the pages reformat to fit the size of the device in question. Core functionality is the same.
Service interface: No
User support accessibility: WCAG 2.1 AA or EN 301 549
API: No
Customisation available: Yes
Description of customisation: WorkInConfidence: Surveys platform is highly customisable at a number of levels.
The client’s administrators and survey managers can easily control settings and administer the system through their own online interface.
Messaging on client’s instance of the platform is customisable including logo.
The client can customise access levels for their team as required – administrator, survey manager, view surveys only. Each manager on the system can also customise whether they share surveys with other managers or not.
Within survey creation, users with the appropriate rights can create and customise their own surveys (name, introduction, header, section names, section headings, question types, questions and whether they are mandatory or optional for those completing surveys).
How surveys are accessible is also customisable – via link from a system email (which themselves are customisable), QR code or link taken from the system and shared.
Which time periods and groups survey results are to be displayed or extracted for is also customisable.

Scaling

Independence of resources: The WorkInConfidence service is automatically monitored to ensure that there is always sufficient capacity to meet the needs of all clients. Any potential issues are highlighted and additional capacity can be added within 30 minutes.

Analytics

Service usage metrics: Yes
Metrics types: On the administrator/manager side there are details of how many managers have access, how many surveys are built and running.
For running surveys how many people have completed each survey, % completion and recent completion.
System metrics for survey results include:
Average responses; Responses by question (broken down by groups such as role / location / characteristics if asked).
Appropriate responses are heat mapped.
Spread of results, +/ve / -ve balance, net promoter.
Time series analysis.
Metrics are available on screen, extracted into .xls, .csv or in appropriate cases charts.
There is sentiment analysis of free text responses to surveys.
Reporting types: Real-time dashboards

Regular reports

Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: None

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest: Encryption of all physical media

Other
Other data at rest protection approach: All personal identifiable information and dialogues are encrypted.
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: All historic survey results can be extracted as .xls, .csv or in some cases as .png via the user interface.
System use metrics and reports can also be downloaded as PDF or csv.
Data export formats: CSV

Other
Other data export formats: PDF

Csv

.png
Data import formats: CSV

Other
Other data import formats: XLS

XLSX

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability: We aim to be available at least 99.5% of the time, apart from reasonable scheduled maintenance (either outside normal business hours or up to 1 day per quarter). Historically this rate has been 99.9% availability. If we fail to meet target uptime, clients are entitled to 7 days free for each day we have been down as long as they request it within 28 days of the outage.
Approach to resilience: WorkInConfidence is hosted on Amazon's AWS infrastructure used by many large organisations. We chose to partner with Amazon because of their work in this area. More details are available from the AWS website or directly from WorkInConfidence.
Outage reporting: There is a public dashboard at: https://status.workinconfidence.com/

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Username or password
Access restrictions in management interfaces and support channels: Access restrictions in management interfaces and support channels
The administration areas of all clients instances of WorkInConfidence are protected via username and password. The system insists on strong passwords of at least eight characters with upper and lower case letters and numbers. Users of the system have the ability to set up Multi Factor Authentication. We recommend this for Admin Users and Managers. Users can choose to mandate MFA for either all users or Manager/admin users.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Username or password

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: No
Other security certifications: Yes
Any other security certifications: Cyber Essentials

IASME Governance standard

NHS Digital Toolkit

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: Other
Other security governance standards: IASME Governance standard
Information security policies and processes: WorkInConfidence has:
1. Clarity on what is collected, what purposes and how stored. This is clearly documented in Privacy policies and a further internal policy;
2. Technical measures to guard security and privacy. The CTO is in charge of this, and has close oversight of all aspects of the build and operations of the Company’s services. This is discussed regularly with the CEO and also in every board report there is an update, also highlighting any areas of security risk;
3. Organisational measures. All staff are required to be aware of the organisation’s security policies and processes, and are trained and are regularly updated on these. Any third parties working with us have to sign up to and adhere to these.
4. Minimum group size protections.
Any security risk is required to be notified to the CEO and COO immediately.
To support each of these the Company and has clearly documented policies and procedures, a log of who has been trained and when last updated. These include User Privacy Policy, Password Policy, Mobile Device Policy, Retention Policy, Incident Response Policy, Confidential Data Policy.
The above are reviewed and updated at least semi-annually and any key changes highlighted to the Board.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: All components of the service are under configuration control (source control via git) and all changes are reviewed and tested with a view on security before being applied to the live service.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: Potential threat information comes from a variety of sources such as our hosting provider for hardware and OS information, the providers of the development language and framework we use. These and other sources are used to determine the priority and the speed with which any are implement. For OS related patches these are typically applied weekly and for framework changes at the next major release unless it is considered a security risk in which case it would be hot-fixed.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: Many steps are taken to ensure that the service cannot be compromised but we actively monitor the logs for unusual activity or activity from outside of known parameters. If an anomaly is detected it is flagged up via both email and instant notification to support staff. This is then investigated immediately to see if there has been an issue and steps taken accordingly.
Incident management type: Supplier-defined controls
Incident management approach: Incidents flagged up during routine monitoring will be dealt with through company policy. User can report incidents either through our website or via our dedicated email address: security@workinconfidence.com.

Secure development

Approach to secure software development best practice: Supplier-defined process

Public sector networks

Connection to public sector networks: No

Social Value

Equal opportunity
Wellbeing

Equal opportunity

As part of ensuring equal opportunities, it is critical that organisations understand the problems different parts of the workforce face, whether and how those vary by different group and whether all groups feel treated fairly and have access to equal opportunities.

However, it can be hard for relevant groups to express their views. The WorkInConfidence platform enables people to give feedback in a safe and trusted way.

Staff have their identities protected – whether using the Anonymous Speak Up or survey aspects of the platform. At the same time, organisations and their management can get a clearer picture on whether different groups are equally engaged, treated with equal respect, feel they have equal opportunities and equally affected by issues around wellness.

By helping create understanding and giving equality of voice, WorkInConfidence provides a powerful boost to ensuring equal opportunities.

Wellbeing

WorkInConfidence is designed to deliver more respectful, more engaged organisations. There is a major problem with staff who have problems in areas like respect, bullying, harassment and poor behaviours often feeling unable to raise them. These problems contribute in turn to hugely diminished wellbeing for both those who experience the problems and colleagues who witness them. Repeatedly, however, staff feel unable to raise problems through fear of repercussions, lack of psychological safety and belief that nothing will happen. WorkInConfidence is designed to enable staff to raise problems of concerns without fear giving organisations better opportunities to tackle them. At the same time as giving staff the safety to raise problems, the case management facility in the platform ensures that cases can be properly recorded and tracked to satisfactory conclusion. Clear central reporting gives organisations a more joined up picture of problems, how they are dealt with and what learnings have been made and shared to minimise problems going forward. Alongside this the surveys help organisations to understand whether they are in the right place with Wellbeing so remedial measures can be taken if they are not.

Pricing

Price: £0.05 to £0.92 a user a month
Discount for educational organisations: Yes
Free trial available: No

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

WorkInConfidence: Surveys

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents