EverydayComply
EverydayComply enables an organisation to:
Record and distribute processes & procedures across the organisation,
Assess an individual or "teams" understanding of the processes that impact them in their roles,
Records data on areas where risks are evident from results and further training is needed,
Improves efficiency by finding conerns early.
Features
- Centralise all processes and procedures and distribute to staff quickly
- Record date and time important documents have been reviewed
- Easily distribute changes and updates to regulations across entire organisation
- Develop bespoke Question Banks to assess all staff's knowledge
- Build a history of empirical data available to management
- Identify problem areas where extra training is needed
- Helps management at every level keep their employees safe
- A range of reports and management information available
- Solution is operational and protecting the organisation in days
- Users can see areas they need support and development in
Benefits
- Every member of staff aware of their organisational responsibilities
- Each individual has their legal and commercial understanding assessed
- Individual or team patterns in problem areas quickly identified
- Organisation trends for an individual or team evident from results
- Identify areas where the organisation or employees are at risk
- Prevent problems before they have an adverse effect
- Improve the quality and effectiveness of any training given
- Pinpoint areas where further training is needed
- Increase effectiveness of the organisation as a whole
- Improve profitability by reducing waste and targeting investment
Pricing
£240.00 to £800.00 a user a quarter
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
2 4 1 2 7 5 8 3 6 9 7 1 2 0 7
Contact
GEMSMART LIMITED
Mike Dunk
Telephone: 07943817447
Email: mikedunk1@gmail.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Service constraints
-
Currently our Users have all opeted to use Google Cloud services as the main supplier of their infrastructure.
The solution is designed to operate and can be installed on any Cloud supplier if preferred by the Buyer.
The solution can be made available 24x7. However there will be some "down time" for software upgrades and new releases. Any necessary down time will be agreed with the Buyer. - System requirements
-
- Users require access to the internet from a device.
- Users will need a browser to access the solution
- Users will need a working email address
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
User problems reported are answered within 4 hours.
Almost all questions or problems are resolved within this timescale.
Should the issue/question an intervention from our software development team this may take up to a working day to provide a resolution. - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), 7 days a week
- Web chat support
- No
- Onsite support
- Onsite support
- Support levels
-
Standard telephone and email Support is available for 12 hours per day, 7 days per week. Response time will be 4 hours.
Requests outside of this time would be answered on a reasonable endeavours basis.
An account manager will be assigned to each customer who will channel any requests or issues to the best team should they be unable to resolve any problems.
Software changes will be responded to by our development team within one working day. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
The solution is designed to be installed and up and running within days.
Training can be provided on-site, if required, or over a conference call
The key requirement is for each User to have an email address as access to system and results are retained against an individual.
A comprehensive description of the system and how it operates is available 24 x 7 on line.
Should the organisation require their Processes and/or Procedures to be made available on line to their staff these will need to be made available as pdf documents.
Generic Question Banks are available should they be requested. Any bespoke Question Banks will require an organisation to prepare questions and answers for their employees. Initially we will add the first 150 Questions onto the system for the Buyer and will demonstrate how these are entered into the tool for the Buyer's staff to then prepare their own Question Banks and assessments to use going forward. - Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
-
The information held on the system relates to an individual's results from the assessments they have taken during an organisations use of the system.
If an employee leaves the organisation or their records are no longer required the Organisation administrator can either purge any data held, remove the employee's access to system or request us, the Supplier, to copy the data onto a format, (usually a memory stick), requested by the Buyer.
Should an organisation end their requirement for the solution as a whole they can request that all data be purged from the system or, as for an individual's recorded history, copied onto an agreed format. - End-of-contract process
-
At the end of their Agreement an organisation can simply request the end of their subscription payments.
Any data required, this could be either bespoke Question Banks produced by or for the Buyer, or staff assessment results can be made available to the Buyer in a format required by them.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
The display will appear different on a mobile to access by a User from a desktop or laptop.
The software is responsive and is designed to best fit the screen of the device used. - Service interface
- No
- User support accessibility
- None or don’t know
- API
- No
- Customisation available
- Yes
- Description of customisation
-
The system is designed to be customised by the User or our support people.
Logos or organisation branding is easily entered into the software so that the solution looks and feels like an in-house tool.
All Processes and Procedures up-loaded will be the organisation's "own labelled" documents.
Every question entered into a User bespoke Question Bank will have a simple relevant picture loaded at the same time.
Scaling
- Independence of resources
-
Response times will be impacted by the number of Users, the "task" the User is requesting of the system and, more specifically the resources, processing power, disk allocated, and speed of the internet.
Currently our Users utilise Google Cloud services but almost certainly other leading cloud providers will provide a similar service where the utilisation of resource allocated can be reviewed and adjusted easily should additional resources be required.
The utilisation of resources will be monitored regularly by both the Account Manager and our Development team.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Each User is held in the system via name, email address and, potentially assigned team.
The User has access to individual results, providing they have been given security access.
Each User can see their own results per Question Bank.
The graphical function within the system enables management to:
- give a completion time to a staff member for an assigned assessment, notification will be sent when any deadline is missed
- review each completed assessment, results for each assessment, failure or pass rates for each individual or question
- failed "yellow" or "red", (important) questions failed. - Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra support
- Organisation whose services are being resold
- Everyday Limited
Staff security
- Staff security clearance
- Staff screening not performed
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- Never
- Protecting data at rest
- Other
- Other data at rest protection approach
-
We utilise Google Cloud for our existing customers.
Google are amongst the leading cloud providers and we utilise the data and security testing they undertake continuously.
We operate a bespoke "token" system for Users when they are added to the system initially. - Data sanitisation process
- No
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
-
Currently no Users have requested nor have a requirement to export data.
Should this be required at some future date we will agree with the individual User their specific requirements and utilising our development team would write the routines needed. - Data export formats
-
- CSV
- ODF
- Other
- Other data export formats
- A bespoke development, for example, into an HR record
- Data import formats
-
- CSV
- ODF
- Other
- Other data import formats
- Any bespoke requirements
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
Availability of the Gemsmart system is determined by the infrastructure or Cloud provider the Buyer wishes to use.
Currently our customers adopt Google Cloud. It is an environment our team uses regularly and understands in detail.
The software, EverydayComply, offered is not a "real time" critical application but is designed to set up Assessments and for Users to undertake Assessments at a time convenient to them, sometimes even from home or out of hours.
However, Google Cloud and other Cloud providers can be configured to provide the User with significant "uptime", 99.9%, (and higher), should the Buyer feel this is necessary.
Generally our aim is to provide a 99% uptime with service credits for failing to achieve this for two consecutive months of 10% of the monthly service charge. - Approach to resilience
-
Again the answer to ensuring protection and resilience will be primarily impacted by the Cloud supplier chosen by the Buyer. Google Cloud, our preferred choice, gives us the ability to host your service across multiple data centres, availability zones or geographic regions.
The back-ups and logs of the solution are routinely monitored by our development team who will make recommendations relating to ny changes they believe would benefit our customers. - Outage reporting
-
Outages would be reported to the Organisation Administrator with an email alert from the Account Manager or his deputy if not available.
Should the Buyer require specific outage reports our devlopment team would be available to design, specify and write the necessary APIs to deliver this. (Depending on the requirements this may incur a cost).
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
-
As a small organisation little restrictions need to be applied in our business. The team has worked together for many years in this and previous Companies.
Private & any confidential information is shared on a "need to know" basis.
Access to the User data is retsricted to the Organisation Administrators and Development team. - Access restriction testing frequency
- Less than once a year
- Management access authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
-
Security is managed on a number of levels.
Access to the system is controlled by three levels. A System Administration individual, one or more Organisation Admins assigned by the customer. A User who sits within a Group or Team and whose results are collected with other team members and accessed only by the Administrators.
Users are added onto the system with a bespoke "token" service used to set passwords.
The external and data security is managed by our Cloud supplier. - Information security policies and processes
-
The Managing Director is primarily responsible for our Information security policies and processes. He is supported by the General Manager and the Head of development
The key purpose of the policies is to maintain the reputation of our customers, and our own organisation; to uphold ethical and legal responsibilities and determine how to react to inquiries and any non-compliance.
The three objectives are to ensure:
- Confidentiality
- Integrity and
- Availability.
Data is classified as secret, confidential and public with the aim of ensuring that sensitive data is only available to those that need access and that access to unimportant data is not limited by unnecessary measures.
The policies incorporate data support and operations including governance of personal data in line with GDPR, data back-up and movement of data. The responsibilities surrounding data and GDPR lie with the General Manager. Data back up and IT related policies are delegated to and managed by the Development Manager.
Security awareness around email policies, opening of attachments from outside the organisation is the responsibility of all staff members who are requested to take an assessment quarterly.
Education, training and routine assessments at managed by the Managing Director.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Configuration and change management are generally the res[onsibility supplier of the Cloud infrastructure, in our case to date Google. As a world leader in cloud services Gemsmart is confident that the tests and certification Google adhere to ensure that the infrastructure iss protected (this will apply to tthe major Cloud service providers but will be checked prior to operating the EverydayComply solution on a different platform.
Application change management is a combination of devlopment and operations. Any updates to the application are thoroughly tested prior to release to our customer base, - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Gemsmart relies quite heavily on their Cloud supplier, Google Cloud to routinely test the infrastructure for vulnerability.
In addition we recommen that all Users maintain the latest versions of operating systems where possible and browsers which will have in built security updates.
The Application software is monitored regularly by our Development team
Any necessary updates or solution modifications would be deployed as soon as practicable. This is usually undertaken the after hours of the evening any issue has been found. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
The first indication of any compromise will be communicated to our Development team from Google.
Any possible compromise into the application or possibly the network would be evident to a User or Administrator using the system. This would be reported to our Support Desk and from there directly to our Development team.
The nature and importance of the "compromise" will determine the action to be taken. If required the system would be taken down, the problem resolved or the system "rolled back" over night to insure a stable platform. - Incident management type
- Supplier-defined controls
- Incident management approach
-
Gemsmart has fortunately never experienced a major incident with the software.
Minor problems have been passed onto our Support Desk, usually via email or phone. Most problems have been found to relate to inexperienced Users not knowing their email address or not applying for a password to be set up until some time after the "token" request has been issued. These issues will normally only impact a single User and can be resolved by talking them through their issue.
Our Development team will investigate and rectify any software problem over night.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
Gemsmart believes strongly in fighting climate change and have committed to moving all of our staff towards electronic or hybrid vehicles prior to the government deadline of 2030. We are also working, through the EverydayComply software, to move several organisations from the paper-based system they are currently using to a complete cloud option resulting in far less paper used throughout the organisation.
We have worked with the landlord of our office to reduce the use of the gas heating and swapped for a small more efficient fan heating system. - Covid-19 recovery
-
Covid-19 recovery
Gemsmart has worked with Everyday to provide customers with a combination of several Assessments and Training courses that are specifically focused on recovering from the Covid19 Pandemic. These courses also include a wide range of social care and mental health focused courses that are designed to directly help, health and care services with the impact of Covid 19 on their staffs and patient wellbeing
Internally both Companies, Gemsmart and Everyday Ltd., have made several changes to their own internal policies moving forward, these include, office social distancing, completely separate equipment, opening windows whenever possible and providing hand sanitizer to all staff at all times.
As a supplier to the Social Care industry we are preparing specialist Question Banks for Users to implement based around the conditions they have have met with the Covid pandemic. The lessons learnt and any good practices employed will be monitored and staff members will be routinely assess to ensure that continue to follow best practice. - Tackling economic inequality
-
Tackling economic inequality
Gemsmart and its partner Everyday Ltd are dedicated to creating entrepreneurship and helping small businesses to grow. They do this in a number of ways. Firstly, offering a range of training courses, often at no cost, that help small businesses in particular to train up and educate their staff on a large range of topics.
Everyday’s assessment options further add to this allowing SMEs to improve their staff's performance across the entire organisation by assessing their skill levels and identifying specific gaps where further training is needed. The Gemsmart and Everyday partnership is of further benefit to SMEs as the solution has been priced with this sized companies in mind. There are options to scale the price you pay by the numbers of users within the system, resulting in an extremely cost-effective solution for smaller organisations. Finally, the EverydayComply software allows users to access the system at anytime from anywhere allowing for training and improvement to take place at any time not affecting the day to day running of their business.
A number of our Users have opted to insure that the organisations in their supply chain meet and adhere to the procedures and policies they wish to implement by using the EverydayComply tool to assess the suppliers' employees' understanding of these.
Gemsmart with Everyday Ltd have a range of training and assessment options all specific to cyber security. These include a cyber security for small business assessment designed specifically to help small to medium companies with their cyber security requirements. These courses help staff throughout your organisation identify and understand their responsibilities and risks in relation to cyber security.
Pricing
- Price
- £240.00 to £800.00 a user a quarter
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
-
Gemsmart will provide the Buyer with a number of generic modules for them to evaluate the software.
If required, we will prepare a number of bespoke Question Banks for them to implement within their organisation.
Any trial would be for three months but could be extended if necessary. - Link to free trial
- Would require Gemsmart & User agreement