SAFE SPACE TECHNOLOGY LTD

Safe Workplace - The Culture & Compliance Suite

World-leading culture & compliance platform. Reporting, case management, employee support, training, risk management, policies, mental health and more.

FREE ENGAGEMENT, DIVERSITY, PSYCHOLOGICAL SAFETY AND INCLUSION PULSE SURVEYS.

8x psychological safety. 50% less work. 6x early stage reporting. 70% would not have reported prior to SWP. 99% trust in anonymity.

Features

• Multi-channel reporting, 4 minute response time.
• Employee Relations Case Management
• Real-time response/chat to reports & concenrns
• Mental health reporting & case management
• Compliance training (inc reporting, EDI, BHD & culture)
• Training & full LMS
• Risk management
• Policy management
• Apps, portals and VOIP
• Reporting hotlines

Benefits

• 8x psychological safety (disproportionate positive impact in minority communities)
• 50% less case management workload
• 3x early stage reporting
• 99% trust in anonymity & reporting
• 70% of reporters 'would not have reported prior to SafeWorkplace"
• 400% increase in actionable intel
• 100% training compliance
• 99% conversion rate of support request/report to active conversation
• 400% increase in actionable intel

£3 a user a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at luke@safework.place. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

260031285317839

Contact

Luke Aikman
07775768532
luke@safework.place

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: We can integrate with most HRIS software, as well as ActiveDirectory, etc.
• Cloud deployment model: Hybrid cloud
• Service constraints: NA
• System requirements:
  • Access to the internet
  • Modern browsers & mobile devices

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Severity 1 - 1 hour response; Severity 2 - 2 hour response; Severity 3 - 8 hour response; Severity 1 - 12 hour response; ; Within workinng hours.; ; 24/7 response can be provided at extra cost.; ; Triage response to employee report/support requests is within 15 minutes between 8am and 10pm 7 days a week.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: -
• Onsite support: Yes, at extra cost
• Support levels: Culture and compliance workshops; Onboarding workshops; Training
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We run a series of 4 onboarding workshops and two training sessions. There is also a repository of online training constantly available.; ; Our technology team work with your IT team to integrate, if desired, the application with your ActiveDirectory or similar to enable automation of onboarding and offboarding of users.; ; Our team also work with you on a full communications plan, ensuring your staff are onboarded seamlessly.; ; We can also create bespoke trainings as well as help update codes of conduct, policies and anything else that's been on the 'to do list' for too long,
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: We will provide the data in CSVs or database dumps, as the client prefers.; ; We can also help transition to new suppliers if that's requested.
• End-of-contract process: Within the price, we will decommission and provide data dumps. ; ; Additional cost (per hour) will be any assistance of moving to a new supplier or the provision of data in prescribed formats.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile is through iPhone and Android Apps.; ; The apps are fully featured for staff.; ; The admin apps are designed for triage and communication, whereas the admin web portal is designed for full case, report, risk and policy management.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Yes - access is provided via our development team. We provide two-way integration on things like training record, employee conduct record, employee concerns, employee records, for onboarding and offboarding, and more.; ; NB endpoints are made available to clients on a request only basis, this is not 'generally available'
• API documentation: No
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Branding, workflows, training, user permissions, resources and much more.; ; The product is a 'platform' which we will customise for you during the onboarding process to suit your organisation's needs.

Scaling

• Independence of resources: Infrastructure is elastic, based on Llambda functions and self-scaling resources.

Analytics

• Service usage metrics: Yes
• Metrics types: A full BI suite, included but not limited to:; - Reports made; - Support conversations initiated; - Response rate; - Breakdowns by incident type, location, etc; - Breakdowns by demographic (where desired, able and appropriate); - Engagement and psychological safety statistics ; - Mental health data; -... and much more.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: A support request can be made which will be actioned by our team.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.9%; ; Pro-rated refund.
• Approach to resilience: Confidential - available on request.
• Outage reporting: Email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Role and group-based permissions are setup with the client in onboarding.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ISOAccellerator
• ISO/IEC 27001 accreditation date: December 2023
• What the ISO/IEC 27001 doesn’t cover: Nothing we can think of.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: === Information Security Policies and Processes === ; ; Our company diligently follows a comprehensive set of information security policies and processes to ensure the confidentiality, integrity, and availability of data. These encompass data classification, access controls, encryption, incident response, and disaster recovery.; ; ==== Reporting Structure ====; ; The Chief Information Security Officer (CISO) directly reports to the Chief Executive Officer (CEO) and the Board of Directors, overseeing the entire security function.; ; ==== Policy Enforcement and Adherence Assurance ====; ; We conduct regular audits and employ automated monitoring tools to ensure compliance. Non-compliance is addressed through disciplinary action, retraining, or process improvement initiatives. Furthermore, we conduct training, awareness programs, and simulated phishing exercises on a regular basis.; ; === Regulatory Compliance ===; ; We maintain compliance with all relevant laws, regulations, and industry standards, including GDPR, Cyber Essentials, NIST, and ISO 27001, among others.; ; === Continuous Improvement ====; ; Our commitment to continuous improvement is evidenced by feedback mechanisms in place to identify enhancement opportunities.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Tracking:; - inventory management; - Unique IDs; - Automated monitoring; - Version Control; Lifecycle reviews; ; Assessing changes for potential security impact:; - Change impact analysis; - Security testing; - Risk assessments; - Compliance verification; - Documents and communciation
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: To manage vulnerabilities, we conduct regular security assessments to identify potential threats. We promptly deploy patches by following a well-defined process based on the severity of the vulnerability. Information about potential threats is sourced from reputable sources such as security advisories, threat intelligence feeds, and vendor notifications. This proactive approach helps us stay ahead of emerging threats and ensures the security of our services.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: I. How to Identify Potential Compromises:; ; We use intrusion detection systems, log analysis, and network traffic monitoring to identify potential compromises.; ; II. How We Respond to Potential Compromises:; ; We immediately isolate affected systems, conduct forensic analysis, and escalate the issue to our incident response team.; ; III. Response Time:; ; Our goal is to respond to potential compromises within minutes, aiming for a swift and effective resolution.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Pre-defined processes: We have established pre-defined processes for common events to ensure prompt and effective resolution.; ; Incident reporting: Users report incidents through our dedicated support portal or by contacting their account manager directly.; ; Providing incident reports: We provide incident reports through email notifications, status updates on the support portal, and regular communication to the stakeholders involved.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Tackling economic inequality

  Safe Workplace highlights inequality in staffing, allowing proactive strategic response and training to ensure promotions internally proportionately at the expected levels across genders and communities.; ; We also highlight where mental health issues and misconduct are disproportionately impacting demographics, again allowing proactive action.

  Equal opportunity

  No human should experience bullying, yet minority communities experience it 8 times as often and women more than twice as often as men.; ; Safe Workplace decreases bullying, discrimination and harassment and importantly increases psychological safety 8x.; ; We provide a safety net for employees that were previously scared to reach out for support when things were going wrong.

  Wellbeing

  Safe Workplace has created the world's first mental health case management system.; ; We monitor wellbeing via pulse surveys but importantly provide inline anonymous support and advice where needed.; ; For organisations, this is increasingly important, also. The number of employee claims for stress and anxiety is increasing. Safe Workplace ensures any mumour of stress and anxiety is managed compliantly.

Pricing

• Price: £3 a user a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Engagement surveys to all staff and mini roll out to HR team.; ; 30 days limit.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at luke@safework.place. Tell them what format you need. It will help if you say what assistive technology you use.