SONA TECHNOLOGIES LTD

Sona Workforce Management

Workforce Management solution to support Roster, attendance, payroll and HR

Features

• Workforce management
• Scheduling
• Time and Attendance
• HR & Employee records
• Payroll cloud
• Payroll Bureau
• Engagement cloud
• Wellbeing
• Forecasting and reporting

Benefits

• Improve time management
• Employee Self serve
• Cost savings, accurate tracking of employee hours
• Time saved managing absence, rostering and pay rates
• Can hold and manage Multiple pay rates
• Reduction of agency spend due to better utilisation of staff
• Time reduction of admin task for Ops staff/front line

£3 to £20 a user a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at anne@getsona.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

196631126822513

Contact

Anne Crawford
0786 213 3437
anne@getsona.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements:
  • SSO
  • SaaS

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday to Friday support 9 - 5 but happy to discuss enhanced support packages.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: TBD
• Onsite support: Onsite support
• Support levels: Support access:; 3 x Super Admins for direct line support (Phone, Email & Form); Incl. priority support for urgent queries; Incl. out of hours support escalation; Extensive FAQ library; Live support chatbot; Support response time SLAs:; Within 4 hours (real time) for escalated urgent queries; Within 12 hours (real time) for other urgent queries; Within 2 Business Days for non-urgent queries; Urgent issues include:; System downtime; Issues that impact immediate staff payroll; Issues that impact immediate shift operations; The hours of operation for Customer support are:; Monday - Friday: 8am-5pm Friday: 8am - 12pm; Your Senior Customer Success Manager (more details on this below) can produce a monthly report on Sona Support Services such as performance vs. SLAs, if requested.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We will provide a statement of work to support with the project/programme of work. We can provide onsite and offsite training. You will be given a dedicated project manager to support you through your transition.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Access to data or report
• End-of-contract process: We will work with the customer to extract their data

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Desktop is designed to support with operational management, scheduling and planning and mobile is used for self serve for the frontline staff.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Sona offers both admin and frontline level service interfaces - more details when requested.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Tbd
• API: Yes
• What users can and can't do using the API: Open API's - all info and accessibility can be found on our website. ; https://api.sona.is/api/docs/v1/index.html?__hstc=212518987.50c584843efae8327f79c815dee58ed3.1706108947949.1714722440106.1715071748282.17&__hssc=212518987.1.1715071748282&__hsfp=382654845&_ga=2.16221749.2026912341.1715071747-459621112.1715071747
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Sona is highly configurable and can be adapted for processes for each organisation.

Scaling

• Independence of resources: Sona is a fully cloud based platform using google web services and tested to ensure scalability.. We have multiple concurrency control measures and testing in place.

Analytics

• Service usage metrics: Yes
• Metrics types: Configured as required - during SOW
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: At rest: Data at rest are encrypted. Databases in data centers are encrypted with AES 256. Data on iOS and Android devices are encrypted with AES 256.
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: We will collect your data and import to the Sona platform
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel
  • JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • JSON
  • Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We currently have SLA's in place for Independent care providers. We would like to establish new SLA's for the Public sector.
• Approach to resilience: Available on request
• Outage reporting: API

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Role based access control - to define access level based on job roles. E.g Manager Full access, front line staff only access to their info. ; Mutli Factor Authentication MFA - will be used with Sona ; Strong Password policies, session managment and audit logs.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Working towards ISO27001
• Information security policies and processes: At Sona, we consider data confidentiality, integrity and availability a top priority.; We demonstrate our commitment to continuous customer data protection and data privacy processes in the following ways:; 1. Sona uses industry-leading data security technologies and follows comprehensive defense-in-depth practices to protect our customers’ data.; 2. Sona operates a highly capable security system to continuously monitor its product and platform for security vulnerabilities.; 3. Sona strives to achieve world-class security standards across all aspects of our business and is in the process of implementing all information security controls as defined by the International Organization for Standardization (ISO).; 4. Sona is committed to maintaining the highest security standards and continual improvement. As such, Sona undergoes independent internal and external audits and security tests on a regular basis.; Sona’s security practices are structured in accordance with the three information security pillars below. Each pillar contributes to the use of advanced security technology and controls, and in combination meet and exceed the stringent requirements of the ISO 27001 accreditation process.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Configuration and changes can all be managed through auditing in the system
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The following internal automated vulnerability checks are performed:; ● Independent of code changes:; ○ Daily SSL certificate check; ○ Real time automated live vulnerability scanning; ○ Weekly configuration scanning, activity monitoring, and reviewing; against best practices library; ○ Weekly dynamic application security testing; ● For every code change:; ○ Mandatory peer review; ○ Unit and integration test suites focused on access permissions; ○ System library vulnerability checks
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Our Incident Response Plan follows industry’s best practice standard, and is designed to manage cyberattacks in our environment and comprises four phases:Phase 1:Preparation (pre-event), Phase 2:Detection and Analysis, Phase 3:Containment, Eradication, and Recovery, Phase 4:Post-Incident. This gives us flexibility to handle security incident situations and scenarios in a standardized and consistent way; In the case of a personal data breach, in line with the applicable data protection regulations Sona will without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to you, following Sona's Incident Management Notification Process
• Incident management type: Undisclosed
• Incident management approach: We have a defined incident response plan as well as crisis coordination plan in case an incident is escalated as per our incident severity scale.; Our Incident Response Plan follows industry’s best practice standard, and is designed to manage cyberattacks in our environment and comprises four phases:; ● Phase 1: Preparation (pre-event); ● Phase 2: Detection and Analysis; ● Phase 3: Containment, Eradication, and Recovery; ● Phase 4: Post-Incident

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  Sona focuses on our staff wellbeing and have based this in our frontline workforce app. We think it is important to look after staff in the sector and have built a wellbeing app into the product to check in or staff. The app gives the organisation the opportunity to check in with their staff and monitor their wellbeing on a daily, weekly basis

Pricing

• Price: £3 to £20 a user a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at anne@getsona.com. Tell them what format you need. It will help if you say what assistive technology you use.