Skip to main content

Help us improve the Digital Marketplace - send your feedback

GEMSMART LIMITED

EverydayComply

EverydayComply enables an organisation to:
Record and distribute processes & procedures across the organisation,
Assess an individual or "teams" understanding of the processes that impact them in their roles,
Records data on areas where risks are evident from results and further training is needed,
Improves efficiency by finding conerns early.

Features

  • Centralise all processes and procedures and distribute to staff quickly
  • Record date and time important documents have been reviewed
  • Easily distribute changes and updates to regulations across entire organisation
  • Develop bespoke Question Banks to assess all staff's knowledge
  • Build a history of empirical data available to management
  • Identify problem areas where extra training is needed
  • Helps management at every level keep their employees safe
  • A range of reports and management information available
  • Solution is operational and protecting the organisation in days
  • Users can see areas they need support and development in

Benefits

  • Every member of staff aware of their organisational responsibilities
  • Each individual has their legal and commercial understanding assessed
  • Individual or team patterns in problem areas quickly identified
  • Organisation trends for an individual or team evident from results
  • Identify areas where the organisation or employees are at risk
  • Prevent problems before they have an adverse effect
  • Improve the quality and effectiveness of any training given
  • Pinpoint areas where further training is needed
  • Increase effectiveness of the organisation as a whole
  • Improve profitability by reducing waste and targeting investment

Pricing

£240.00 to £800.00 a user a quarter

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mikedunk1@gmail.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

2 4 1 2 7 5 8 3 6 9 7 1 2 0 7

Contact

GEMSMART LIMITED Mike Dunk
Telephone: 07943817447
Email: mikedunk1@gmail.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
Currently our Users have all opeted to use Google Cloud services as the main supplier of their infrastructure.
The solution is designed to operate and can be installed on any Cloud supplier if preferred by the Buyer.
The solution can be made available 24x7. However there will be some "down time" for software upgrades and new releases. Any necessary down time will be agreed with the Buyer.
System requirements
  • Users require access to the internet from a device.
  • Users will need a browser to access the solution
  • Users will need a working email address

User support

Email or online ticketing support
Email or online ticketing
Support response times
User problems reported are answered within 4 hours.
Almost all questions or problems are resolved within this timescale.
Should the issue/question an intervention from our software development team this may take up to a working day to provide a resolution.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
No
Onsite support
Onsite support
Support levels
Standard telephone and email Support is available for 12 hours per day, 7 days per week. Response time will be 4 hours.
Requests outside of this time would be answered on a reasonable endeavours basis.
An account manager will be assigned to each customer who will channel any requests or issues to the best team should they be unable to resolve any problems.
Software changes will be responded to by our development team within one working day.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
The solution is designed to be installed and up and running within days.
Training can be provided on-site, if required, or over a conference call
The key requirement is for each User to have an email address as access to system and results are retained against an individual.
A comprehensive description of the system and how it operates is available 24 x 7 on line.
Should the organisation require their Processes and/or Procedures to be made available on line to their staff these will need to be made available as pdf documents.
Generic Question Banks are available should they be requested. Any bespoke Question Banks will require an organisation to prepare questions and answers for their employees. Initially we will add the first 150 Questions onto the system for the Buyer and will demonstrate how these are entered into the tool for the Buyer's staff to then prepare their own Question Banks and assessments to use going forward.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
The information held on the system relates to an individual's results from the assessments they have taken during an organisations use of the system.
If an employee leaves the organisation or their records are no longer required the Organisation administrator can either purge any data held, remove the employee's access to system or request us, the Supplier, to copy the data onto a format, (usually a memory stick), requested by the Buyer.
Should an organisation end their requirement for the solution as a whole they can request that all data be purged from the system or, as for an individual's recorded history, copied onto an agreed format.
End-of-contract process
At the end of their Agreement an organisation can simply request the end of their subscription payments.
Any data required, this could be either bespoke Question Banks produced by or for the Buyer, or staff assessment results can be made available to the Buyer in a format required by them.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The display will appear different on a mobile to access by a User from a desktop or laptop.
The software is responsive and is designed to best fit the screen of the device used.
Service interface
No
User support accessibility
None or don’t know
API
No
Customisation available
Yes
Description of customisation
The system is designed to be customised by the User or our support people.
Logos or organisation branding is easily entered into the software so that the solution looks and feels like an in-house tool.
All Processes and Procedures up-loaded will be the organisation's "own labelled" documents.
Every question entered into a User bespoke Question Bank will have a simple relevant picture loaded at the same time.

Scaling

Independence of resources
Response times will be impacted by the number of Users, the "task" the User is requesting of the system and, more specifically the resources, processing power, disk allocated, and speed of the internet.
Currently our Users utilise Google Cloud services but almost certainly other leading cloud providers will provide a similar service where the utilisation of resource allocated can be reviewed and adjusted easily should additional resources be required.
The utilisation of resources will be monitored regularly by both the Account Manager and our Development team.

Analytics

Service usage metrics
Yes
Metrics types
Each User is held in the system via name, email address and, potentially assigned team.
The User has access to individual results, providing they have been given security access.
Each User can see their own results per Question Bank.
The graphical function within the system enables management to:
- give a completion time to a staff member for an assigned assessment, notification will be sent when any deadline is missed
- review each completed assessment, results for each assessment, failure or pass rates for each individual or question
- failed "yellow" or "red", (important) questions failed.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
Everyday Limited

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
Never
Protecting data at rest
Other
Other data at rest protection approach
We utilise Google Cloud for our existing customers.
Google are amongst the leading cloud providers and we utilise the data and security testing they undertake continuously.
We operate a bespoke "token" system for Users when they are added to the system initially.
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Currently no Users have requested nor have a requirement to export data.
Should this be required at some future date we will agree with the individual User their specific requirements and utilising our development team would write the routines needed.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
A bespoke development, for example, into an HR record
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
Any bespoke requirements

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Availability of the Gemsmart system is determined by the infrastructure or Cloud provider the Buyer wishes to use.
Currently our customers adopt Google Cloud. It is an environment our team uses regularly and understands in detail.
The software, EverydayComply, offered is not a "real time" critical application but is designed to set up Assessments and for Users to undertake Assessments at a time convenient to them, sometimes even from home or out of hours.
However, Google Cloud and other Cloud providers can be configured to provide the User with significant "uptime", 99.9%, (and higher), should the Buyer feel this is necessary.
Generally our aim is to provide a 99% uptime with service credits for failing to achieve this for two consecutive months of 10% of the monthly service charge.
Approach to resilience
Again the answer to ensuring protection and resilience will be primarily impacted by the Cloud supplier chosen by the Buyer. Google Cloud, our preferred choice, gives us the ability to host your service across multiple data centres, availability zones or geographic regions.
The back-ups and logs of the solution are routinely monitored by our development team who will make recommendations relating to ny changes they believe would benefit our customers.
Outage reporting
Outages would be reported to the Organisation Administrator with an email alert from the Account Manager or his deputy if not available.
Should the Buyer require specific outage reports our devlopment team would be available to design, specify and write the necessary APIs to deliver this. (Depending on the requirements this may incur a cost).

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
As a small organisation little restrictions need to be applied in our business. The team has worked together for many years in this and previous Companies.
Private & any confidential information is shared on a "need to know" basis.
Access to the User data is retsricted to the Organisation Administrators and Development team.
Access restriction testing frequency
Less than once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Security is managed on a number of levels.
Access to the system is controlled by three levels. A System Administration individual, one or more Organisation Admins assigned by the customer. A User who sits within a Group or Team and whose results are collected with other team members and accessed only by the Administrators.
Users are added onto the system with a bespoke "token" service used to set passwords.
The external and data security is managed by our Cloud supplier.
Information security policies and processes
The Managing Director is primarily responsible for our Information security policies and processes. He is supported by the General Manager and the Head of development
The key purpose of the policies is to maintain the reputation of our customers, and our own organisation; to uphold ethical and legal responsibilities and determine how to react to inquiries and any non-compliance.
The three objectives are to ensure:
- Confidentiality
- Integrity and
- Availability.
Data is classified as secret, confidential and public with the aim of ensuring that sensitive data is only available to those that need access and that access to unimportant data is not limited by unnecessary measures.
The policies incorporate data support and operations including governance of personal data in line with GDPR, data back-up and movement of data. The responsibilities surrounding data and GDPR lie with the General Manager. Data back up and IT related policies are delegated to and managed by the Development Manager.
Security awareness around email policies, opening of attachments from outside the organisation is the responsibility of all staff members who are requested to take an assessment quarterly.
Education, training and routine assessments at managed by the Managing Director.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Configuration and change management are generally the res[onsibility supplier of the Cloud infrastructure, in our case to date Google. As a world leader in cloud services Gemsmart is confident that the tests and certification Google adhere to ensure that the infrastructure iss protected (this will apply to tthe major Cloud service providers but will be checked prior to operating the EverydayComply solution on a different platform.
Application change management is a combination of devlopment and operations. Any updates to the application are thoroughly tested prior to release to our customer base,
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Gemsmart relies quite heavily on their Cloud supplier, Google Cloud to routinely test the infrastructure for vulnerability.
In addition we recommen that all Users maintain the latest versions of operating systems where possible and browsers which will have in built security updates.
The Application software is monitored regularly by our Development team
Any necessary updates or solution modifications would be deployed as soon as practicable. This is usually undertaken the after hours of the evening any issue has been found.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
The first indication of any compromise will be communicated to our Development team from Google.
Any possible compromise into the application or possibly the network would be evident to a User or Administrator using the system. This would be reported to our Support Desk and from there directly to our Development team.
The nature and importance of the "compromise" will determine the action to be taken. If required the system would be taken down, the problem resolved or the system "rolled back" over night to insure a stable platform.
Incident management type
Supplier-defined controls
Incident management approach
Gemsmart has fortunately never experienced a major incident with the software.
Minor problems have been passed onto our Support Desk, usually via email or phone. Most problems have been found to relate to inexperienced Users not knowing their email address or not applying for a password to be set up until some time after the "token" request has been issued. These issues will normally only impact a single User and can be resolved by talking them through their issue.
Our Development team will investigate and rectify any software problem over night.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

Gemsmart believes strongly in fighting climate change and have committed to moving all of our staff towards electronic or hybrid vehicles prior to the government deadline of 2030. We are also working, through the EverydayComply software, to move several organisations from the paper-based system they are currently using to a complete cloud option resulting in far less paper used throughout the organisation.
We have worked with the landlord of our office to reduce the use of the gas heating and swapped for a small more efficient fan heating system.
Covid-19 recovery

Covid-19 recovery

Gemsmart has worked with Everyday to provide customers with a combination of several Assessments and Training courses that are specifically focused on recovering from the Covid19 Pandemic. These courses also include a wide range of social care and mental health focused courses that are designed to directly help, health and care services with the impact of Covid 19 on their staffs and patient wellbeing

Internally both Companies, Gemsmart and Everyday Ltd., have made several changes to their own internal policies moving forward, these include, office social distancing, completely separate equipment, opening windows whenever possible and providing hand sanitizer to all staff at all times.
As a supplier to the Social Care industry we are preparing specialist Question Banks for Users to implement based around the conditions they have have met with the Covid pandemic. The lessons learnt and any good practices employed will be monitored and staff members will be routinely assess to ensure that continue to follow best practice.
Tackling economic inequality

Tackling economic inequality

Gemsmart and its partner Everyday Ltd are dedicated to creating entrepreneurship and helping small businesses to grow. They do this in a number of ways. Firstly, offering a range of training courses, often at no cost, that help small businesses in particular to train up and educate their staff on a large range of topics.

Everyday’s assessment options further add to this allowing SMEs to improve their staff's performance across the entire organisation by assessing their skill levels and identifying specific gaps where further training is needed. The Gemsmart and Everyday partnership is of further benefit to SMEs as the solution has been priced with this sized companies in mind. There are options to scale the price you pay by the numbers of users within the system, resulting in an extremely cost-effective solution for smaller organisations. Finally, the EverydayComply software allows users to access the system at anytime from anywhere allowing for training and improvement to take place at any time not affecting the day to day running of their business.
A number of our Users have opted to insure that the organisations in their supply chain meet and adhere to the procedures and policies they wish to implement by using the EverydayComply tool to assess the suppliers' employees' understanding of these.
Gemsmart with Everyday Ltd have a range of training and assessment options all specific to cyber security. These include a cyber security for small business assessment designed specifically to help small to medium companies with their cyber security requirements. These courses help staff throughout your organisation identify and understand their responsibilities and risks in relation to cyber security.

Pricing

Price
£240.00 to £800.00 a user a quarter
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Gemsmart will provide the Buyer with a number of generic modules for them to evaluate the software.
If required, we will prepare a number of bespoke Question Banks for them to implement within their organisation.
Any trial would be for three months but could be extended if necessary.
Link to free trial
Would require Gemsmart & User agreement

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mikedunk1@gmail.com. Tell them what format you need. It will help if you say what assistive technology you use.