Smart Test - Automated Testing for Workday

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud
Service constraints: Web Browser access is only required. The following versions and above are supported:

• Internet Explorer: Version 11
• Firefox: Current Version
• Chrome: Current Version
• Safari: Current Version
• Edge: Current Version

Workday Preview window occurs biannually where we guarantee - Week 1 support for Integration, Security testing, and full support for BP testing from Week 2 onwards.

Planned maintenance releases occur on Saturday morning to coincide with Workday releases though these are predominantly zero-downtime deployments. If the planned outage is required this will be communicated in advance and a maintenance page will appear.
System requirements: Browser: IE8, IE9, Microsoft Edge, Firefox, Chrome, Safari 9+

Spreadsheet editor capable of reading and saving .xls format

Workday (Smart is an automated testing product for Workday)

User support

Email or online ticketing support: Email or online ticketing
Support response times: Kainos provides a named Engagement Manager who will be the support owner. Customers receive access to the Kainos Incident Management System. This allows for tracking of all tickets raised, to ensure that Kainos meets its SLA commitments and allows for an easy-to-use web interface where the details of all engagements can be viewed and tracked, and reported, more easily. Target response times are based on priority - Critical (1 hour), High (2 hours), Medium (4 hours), Low (1 day), Query (2 days). Service hours are 9 am-5 pm GMT, excluding UK public holidays. Optional out-of-hours support is also available.
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don’t know
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: No
Support levels: As per our SLA one level of support will be agreed upon at the time of contracting.

This support cost is included as part of the subscription service cost so there is no additional charge.

We provide a dedicated Service Manager who has overall responsibility for day-to-day support, the Service Manager will liaise with our Development Operations team (Cloud Service) as required e.g. if server maintenance is required. In addition, we will hold regular calls with key stakeholders from the customer side via our Customer Success Manager to discuss account management queries.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: All Kainos Smart implementations are tailored to suit the specific requirements and timelines of the customer and typically cover the following objectives:

- Kick off - the Kainos team provision your Smart tenant including connectivity to your Workday tenants.

- Plan stage - a series of collaborative meetings to agree on an implementation plan (timelines), agree & qualify the success objectives, identify test requirements and establish governance procedures.

- Delivery Stage - Kainos build and deliver the tests as agreed with the customer during the plan stage.

- Knowledge transfer & training - knowledge transfer workshop to complete handover of tests and user documentation to ensure the customer team is self-sufficient going forward.

- Support – transfer to the Kainos Smart support team and assignment of Customer Success Manager to ensure customer continues to realise benefits for the remainder of the subscription term.
Service documentation: Yes
Documentation formats: HTML
End-of-contract data extraction: Kainos will retain Customer Data for a period of 13 months from data entry: Customer Data will only be available via the Smart tenant web application.
Data can be exported unaided by the customer from Kainos Smart using the export functionality within the product that allows export of audit checks results to .csv file format.

Data can be exported unaided by the customer from Kainos Smart in the 2 year period after data entry using the export functionality within the product that allows the export of test run results to .csv and .pdf file formats and export of the test data templates that contain the executable customer-specific test cases to .xls format.
End-of-contract process: All data are removed after contract ends within 60 day.

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Firefox

Chrome

Safari
Application to install: No
Designed for use on mobile devices: No
Service interface: Yes
User support accessibility: None or don’t know
Description of service interface: Kainos Smart is a SAAS browser-based application. Users can access via user account and logins (permission-based access) using this cloud-based platform. Users can configure test scripts via the browser and can set the frequency of execution, view results and rectify issues identified via the browser.
Accessibility standards: None or don’t know
Description of accessibility: TBC
Accessibility testing: TBC
API: Yes
What users can and can't do using the API: "Smart Test has a REST API, the main purpose of which is to allow customers to orchestrate tests from an enterprise ALM (Application Life Cycle Management) tool or CI (Continuous Integration) Tool. When using Smart Test in this way, tests must still be created via the Smart API. However, once tests have been created they can be executed and re-executed from a 3rd party tool, with the 3rd party too having the ability to retrieve full detailed results via the API also.
The API does not allow users to create or modify test cases."
API documentation: Yes
API documentation formats: Open API (also known as Swagger)
API sandbox or test environment: No
Customisation available: Yes
Description of customisation: "Smart Test has capabilities built in where users could create their own tests, modify existing tests and/or delete the test runs which were previously run.
The access is managed via a permissions framework - and the level of access can be controlled by the administrators of the product .
Smart test is a data-driven testing system, therefore tests could be created for regression tests, but also for any project testing."

Scaling

Independence of resources: Kainos Smart has auto-scaling configured to enable it to handle peaks in customer usage. The auto-scaling is designed to ensure that the infrastructure resources automatically scale to handle demand from all customers. The system is capable of processing tens of thousands of tests an hour. Kainos Smart uses Amazon Web Services Auto Scaling Groups.

Analytics

Service usage metrics: Yes
Metrics types: We provide a breakdown of Usage per month, this includes:

– number of tests run by month
– number of tests run by test type
– uptime metrics
– Support ticket response metrics.
Reporting types: Regular reports

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: European Economic Area (EEA)
User control over data storage and processing locations: No
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: Data can be exported from Kainos Smart at any stage during the subscription term by the customer.

There is export functionality within the product that allows the export of results to .csv and .pdf file formats.
Data export formats: Other
Other data export formats: XLS
Data import formats: Other
Other data import formats: XLS

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: Unplanned outage: Uptime SLA 99.5%*

* based on 7 days x 24 hours per calendar month (exclusive of planned outage) this equates to 3 hours, 36 minutes per calendar month or 1 day, 19 hours, and 48 minutes per year of unplanned outage.

Planned outage:
10 hours per month scheduled downtime (on 24 hours’ notice, to Customer, via email, of planned outages). The Subscription Services:

- may experience scheduled downtime of up to 10 hours per month for service updates;
- shall be available no later than 24 hours after each Workday update.
- updates will be aligned where possible with the Workday planned outage schedule.

Disaster Recovery:
Kainos targets a recovery time objective (the timeframe within which Kainos aims to have the Subscription Services restored) (an “RTO”) of 12 hours following an agreed Category A (Critical) incident occurring, measured from the time the Subscription Services become unavailable until it is available again. Kainos targets a recovery point objective (the maximum amount of transactional data that could be lost) (an “RPO”) of 24 hours. The RTO and RPO are target times only.

Due to the low price point of the product, Kainos do not offer service credits or refunds.
Approach to resilience: Kainos Smart leverages Amazon Web Services Auto Scaling Groups for all its servers. Auto Scaling Groups are configured to use three independent Availability Zones in each region. Each of the availability zones has a separate data centre with its own independent power and network supplier.

Should there be a service disruption in one of the availability zones Amazon Web Services will automatically switch to the other ones. Kainos Smart application will route all requests automatically to redundant servers. Further, all Kainos Smart databases (PostgreSQL, Oracle, and Redis) leverage multi-zone deployments. In addition, Kainos Smart has enabled automatic daily database snapshots for its databases. The database snapshots are automatically copied to Amazon Web Services secondary region and Rackspace data centre (secondary cloud provider). Files stored in Kainos Smart are stored in Amazon Web Services S3 service with a live bi-directional cross-region replication. Further, all files are also stored in the Rackspace CloudFiles service.

Availability SLA: 99.5% (unplanned outages)

Due to the low price point of the product, Kainos do not offer service credits or refunds.

For more information on the SLA please refer to section “Guaranteed availability”.
Outage reporting: We report both planned and unplanned outages by email alert.

Identity and authentication

User authentication needed: Yes
User authentication: Public key authentication (including by TLS client certificate)

Limited access network (for example PSN)
Access restrictions in management interfaces and support channels: Kainos Smart provides a separate Smart Management console that is only available to Kainos professional services and support staff to modify configuration parameters of customer’s Smart Tenants. Customer data is not available through this Management Console.

Access is restricted to the Kainos network and VPN. Users are authenticated using Username and Password.

Sensitive functionality within the console is controlled via 4 eyes policy workflows, preventing individual users from performing critical actions.

Kainos' access to Customer Smart tenants is controlled by each customer via their Smart tenant including IP restrictions and account auto-expiry rules.
Access restriction testing frequency: At least every 6 months
Management access authentication: Other
Description of management access authentication: SSO

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: BSI
ISO/IEC 27001 accreditation date: 12/03/2020
What the ISO/IEC 27001 doesn’t cover: Scope covered under this certification: Information security in relation to the design, development, testing and support of IT solutions delivered using distributed working practices in accordance with Statement of Applicability version 6.0.
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001

Other
Other security governance standards: Kainos has been assessed for SOC2 Type 2 compliance by EY.
Information security policies and processes: ISO27001 - policies include: asset management, human resources, cryptography, access control, physical and environmental, systems development and testing, compliance, communications, data protection/privacy and incident management.
SOC2 Type 2 - focusing on Security Trust Principles

This information security policies are audited and certified by the British Standard Institution (BSI) against the ISO27001:2013 standard. Audits happen bi-annually.

New staff are required to confirm their understanding of all security policies. Annual security awareness training ensures staff are fully aware of processes. Training is administrated though a digital online system to ensure completion by all staff.

In addition to 3rd party audits, regular internal audits are performed on our information security controls.

In terms of reporting structure, we have a Chief Information Officer and Chief Security Officer into by an InfoSec Management Team, Security Practice and a number of Business Unit Security Officers. The InfoSec Management Team is reported into by a Corporate InfoSec Officer, an IT Systems Security Manager, a number of Systems Security Representatives and a Facilities Security Officer.

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: Customers log issues and change requests via the support portal.

Application defects and new features are logged in JIRA. JIRA tickets follow strict workflow statuses from appraisal through to testing, ensuring segregation of duties with approval steps at each stage.

Security is considered at all stages of the ticket workflow. Developers and testers focus on OWASP standards. All code changes are peer-reviewed.

Automated security testing uses tools including Arachni, Nessus, Zapp, W3AF scanner, and Burp suite.

3rd party penetration and vulnerability scans take place bi-annually.

Our software stack and environment builds are managed by Puppet and AWS CloudFormation services.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: The platform team performs Linux, AWS, and HTTPS scans of our application daily.

Weekly, the Smart application is scanned for vulnerabilities, using OWASP tools that utilise the NIST NVD.

Production environments have auto-attend patch updates configured, meaning the latest patches are applied automatically.

Any identified vulnerabilities are reviewed by the security team. Vulnerabilities that have the potential to compromise customer data, with a high risk of exploitation will be classified as critical.

Bi-annually, Kainos uses a 3rd-Party Information Security company (CESG and Check approved) to perform vulnerability and penetration testing of Smart.

Kainos aims to resolve critical vulnerabilities within 24-hours.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: Trend Micro IDS and IPS are configured on the Smart production environment performing the following checks(Malware, Log inspection, Web reputation, File, process & port integrity).

Web Application Firewall deployed with checks including HTTP Protection, Real-time Blacklist Lookups, Web-based Malware Detection, HTTP DDOS, Common Web Attacks Protection, Automation Detection, Trojan Protection, Identification of Application Defects, Error Detection, and Hiding.

Elastic Stack is configured for log aggregation and real-time alerting.

Any potential compromise is reviewed by our security team to understand the extent of the compromise.

Kainos aim to respond to incidents immediately, with notification to customers of suspected compromise within 24-hours.
Incident management type: Supplier-defined controls
Incident management approach: A) Customer contacts Kainos with the incident by phone, email, or online ticketing system.
b) Incident is triaged by assigned Support Engineer and if possible resolution identified, actioned, and communicated back to customer.
c) If additional assistance is required, an incident is raised with specialist Kainos Smart technical teams.
d) Once a resolution has been found, an incident ticket will be updated with details of when the fix will be released.
e) Once the issue has been resolved, the support engineer follows up with the customer to ensure they are satisfied with the result.
f) Incident ticket will be closed.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: No

Social Value

Fighting climate change
Covid-19 recovery
Tackling economic inequality
Equal opportunity
Wellbeing

Fighting climate change

Kainos commits to working with your organisation to ensure that opportunities under the contract delivers agreed Policy Outcomes and Model Award Criteria.

Delivering social value is something we do ‘with’ our clients, not something we do ‘to’ them – we will, therefore facilitate a ‘kick-off’ co-creation workshop with you to develop a shared plan of action.

The plan will include a clear method statement stating how we will achieve Policy outcomes and how our commitment meets the Award Criteria, a timed project plan and process (detailing how we will implement agreed commitments and by when) and how we will monitor, measure and report on our commitments/the impact of our proposals.

Related to ‘Fighting climate change’ we will focus on implementing effective measures to deliver any/all of the following benefits through the contract:

MAC 4.1 Deliver additional environmental benefits in the performance of the contract including working towards net zero greenhouse gas emissions.

MAC 4.2 Influence staff, suppliers, customers, and communities through the delivery of the contract to support environmental protection and improvement.

Example reporting metrics of benefits delivered under the contract may include: People-hours spent protecting/improving the environment under the contract, Number of green spaces created under the contract, reduction in emissions of greenhouse gases, reduction in water use, and reduction in waste to landfill.

Covid-19 recovery

Kainos commits to working with your organisation to ensure that opportunities under the contract delivers agreed Policy Outcomes and Model Award Criteria.

Delivering social value is something we do ‘with’ our clients, not something we do ‘to’ them – we will, therefore facilitate a ‘kick-off’ co-creation workshop with you to develop a shared plan of action.

The plan will include a clear method statement stating how we will achieve Policy outcomes and how our commitment meets the Award Criteria, a timed project plan and process (detailing how we will implement agreed commitments and by when) and how we will monitor, measure and report on our commitments/the impact of our proposals.

Related to ‘Covid-19 recovery’ we will focus on implementing effective measures to deliver any/all of the following benefits through the contract:

MAC 1.1: Creation of employment, re-training, and other return to work opportunities for those left unemployed by COVID-19, particularly new opportunities in high-growth sectors.

MAC 1.2: Support for people and communities to manage and recover from the impacts of COVID-19, including those worst affected or who are shielding.

MAC 1.3: Support for organisations and businesses to manage/recover from the impacts of COVID-19, including where new ways of working are needed to deliver services.

MAC 1.4: Support for the physical and mental health of people affected by COVID-19, including reducing the demand on health and care services.

MAC 1.5: Improvements to workplace conditions that support the COVID-19 recovery effort including effective social distancing, remote working, and sustainable travel solutions

Example reporting metrics of benefits delivered under the contract may include: Number of FTE employment for those made redundant due to COVID-19, people-hours supporting local community integration related to COVID-19, and percentage/number of supply chain to have implemented the 6 standards in the Mental-Health-at-Work commitment.

Tackling economic inequality

Kainos commits to working with your organisation to ensure that opportunities under the contract delivers agreed Policy Outcomes and Model Award Criteria.

Delivering social value is something we do ‘with’ our clients, not something we do ‘to’ them – we will, therefore facilitate a ‘kick-off’ co-creation workshop with you to develop a shared plan of action.

The plan will include a clear method statement stating how we will achieve Policy outcomes and how our commitment meets the Award Criteria, a timed project plan and process (detailing how we will implement agreed commitments and by when) and how we will monitor, measure and report on our commitments/the impact of our proposals.

Related to ‘Tackling Economic Inequality’ we will focus on implementing effective measures to deliver any/all of the following benefits through the contract:

MAC2.1: Create opportunities for entrepreneurship and help new organisations grow.

MAC2.2: Create employment/training opportunities for people who face barriers to employment, are located in deprived areas, and in industries with known skills shortages or high growth sectors.

MAC2.3: Support educational attainment including training schemes

MAC 3.1: Create a diverse supply chain including new businesses/entrepreneurs/start-ups/SMEs/VCSEs/mutuals.

MAC 3.2: Support innovation and disruptive technologies throughout the supply chain to deliver lower cost, higher quality goods/services.

MAC 3.3: Support the development of scalable and future-proofed new methods to modernise delivery and increase productivity.

MAC 3.4: Demonstrate collaboration and a fair/responsible approach to working with supply chain partners.

MAC 3.5: Demonstrate action to identify/manage cyber security risks in the delivery including in the supply chain.

Example reporting metrics of benefits delivered under the contract may include: Number of FTE employment/apprenticeship/training opportunities created, learning interventions delivered, start-up/SME/VCSE/mutuals opportunities awarded, and relevant supply chain metrics e.g. Cyber Essentials certification and adoption of NCSC 10 steps.

Equal opportunity

Kainos commits to working with your organisation to ensure that opportunities under the contract delivers agreed Policy Outcomes and Model Award Criteria.

Delivering social value is something we do ‘with’ our clients, not something we do ‘to’ them – we will, therefore facilitate a ‘kick-off’ co-creation workshop with you to develop a shared plan of action.

The plan will include a clear method statement stating how we will achieve Policy outcomes and how our commitment meets the Award Criteria, a timed project plan and process (detailing how we will implement agreed commitments and by when) and how we will monitor, measure and report on our commitments/the impact of our proposals.

Related to ‘Equal opportunity’ we will focus on implementing effective measures to deliver any/all of the following benefits through the contract:

MAC 5.1: Demonstrate action to increase the representation of disabled people in the contract workforce.

MAC 5.2: Support disabled people in developing new skills relevant to the contract, including through training schemes resulting in recognised qualifications

MAC 6.1: Demonstrate action to identify/tackle inequality in employment, skills and pay in the contract workforce.

MAC 6.2: Support in-work progression to help people, including those from disadvantaged/minority groups, to move into higher paid work by developing new skills relevant to the contract.

MAC 6.3 Demonstrate action to identify/manage the risks of modern slavery in the delivery of the contract, including in the supply chain.

Example reporting metrics of benefits delivered under the contract may include: Percentage/number of FTE disabled/under-represented people employed as a proportion of the total FTE including apprenticeships/training schemes, percentage/number of companies in the supply chain to have committed to the five foundational principles of good work, percentage of supply chain mapping completed, and people-hours devoted to supporting victims of modern slavery.

Wellbeing

Kainos commits to working with your organisation to ensure that opportunities under the contract delivers agreed Policy Outcomes and Model Award Criteria.

Delivering social value is something we do ‘with’ our clients, not something we do ‘to’ them – we will, therefore facilitate a ‘kick-off’ co-creation workshop with you to develop a shared plan of action.

The plan will include a clear method statement stating how we will achieve Policy outcomes and how our commitment meets the Award Criteria, a timed project plan and process (detailing how we will implement agreed commitments and by when) and how we will monitor, measure and report on our commitments/the impact of our proposals.

Related to ‘Wellbeing’ we will focus on implementing effective measures to deliver any/all of the following benefits through the contract:

MAC 7.1: Demonstrate action to support health and wellbeing, including physical/mental health, in the contract workforce.

MAC 7.2: Influence staff, suppliers, customers, and communities through the delivery of the contract to support health and wellbeing, including physical and mental health.

MAC 8.1: Demonstrate collaboration with users and communities in the co-design and delivery of the contract to support strong integrated communities.

MAC 8.2: Influence staff, suppliers, customers, and communities through the delivery of the contract to support strong, integrated communities.

Example reporting metrics may include: Percentage/number of the supply chain to have implemented measures to improve the physical and mental health and wellbeing of employees including the 6 standards in the Mental Health at Work commitment and mental health enhanced standards in ‘Thriving at Work’, and people-hours supporting local community integration e.g. volunteering/community-led initiatives.

Pricing

Price: £23,100 a licence a year
Discount for educational organisations: No
Free trial available: No

Smart Test - Automated Testing for Workday

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Smart Test - Automated Testing for Workday

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents