IRIS SOFTWARE LIMITED

Every HR by IRIS

Every HR By IRIS is a complete, cloud-based, modular HR management system designed specifically for schools and trusts. Whether you’re hiring, managing absences, preparing for performance reviews, or building culture, Every HR gives you the control and insight to create an environment where your staff can flourish.

Features

• Real time HR reporting
• Site wide licensing, unlimited users
• Trust Overview
• Payroll integrations
• Library of 150+ CPD accredited E-learning content
• Manage staff absence, performance and training
• End to end process for recruitment
• Workforce Census and Single Central Record
• Case management
• Dedicated support team via live chat, phone, and email

Benefits

• Make proactive rather than reactive decisions
• Ensure a consistent approach across HR processes
• Information is easily accessible and stored in one place
• Dedicated Implementation Specialist for onboarding
• Features to support with staff absences
• Multi Academy Function to implement certain modules, reducing admin time
• Streamline recruitment processes to assist with attracting the best talent
• Ability to update data en masse
• Reduction of duplicated work with the SCR and WFC modules
• Effortlessly track CPD hours

£1,526.00 a licence a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at BidTeam@iris.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

296628151503542

Contact

Bid Team
0344 225 1525
BidTeam@iris.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements:
  • Web Browser
  • Internet connection
  • Wifi for mobile apps

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Creation of support tickets within 30 seconds
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Every's web chat is available via all user accessible pages on Every, meaning the user has constant, easy one click access to support.; The web chat is provided by an established provider, who have done a self-audit under VPAT 2.1 accessibility standards set by the - Information Technology Industry Council (US),; VPAT 2.1 includes criteria from WCAG 2.0 and EN 301 549, as well as the Revised Section 508 Standards.
• Web chat accessibility testing: None
• Onsite support: Yes, at extra cost
• Support levels: Technical and product support is provided through live chat, telephone and email channels in the first instance.; Should additional support be required then this will be escalated to the technical team who will assess the resources required and decide next steps.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Customers are allocated a unique Implementation Number and assigned a dedicated member of the Engagement Team whose primary role is to guide the client through the setup and implementation of the software. ; ; On introduction with the client, an Engagement Specialist will discuss their priorities and expected outcomes from the implementation.; ; A bespoke plan is then created setting out the optimal way of implementing the system for that customer to achieve their expectations. The process is supported through phone calls, account reviews, webinars, user documentation and a project implementation tool for communication.; ; Once the system is set up, the customers are able to receive training either virtually or onsite at an additional cost.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Word
  • Excel
• End-of-contract data extraction: The majority of core data can be exported by users through the report builder module or within certain parts of the system and these files will be produced as Microsoft Excel or Word formats.; We offer a data extraction service for additional data that is not directly available to users. This is offered at no cost if the data is not downloadable in the system, but for more complex extractions, there will be an additional cost.; ; Additional data (metadata) can be returned to the client within a set time period, as defined in the Terms and Conditions.; ; In the first instance, there are no charges for the return of data or switching off the service at the end of contract, however, additional data may be charged at a fair rate, where required.
• End-of-contract process: The platform allows data to be exported into CSV/Excel/Word format. At the end of the contract the client data remains subject to the robust back up regimes for a short period before being marked for deletion/anonymising/pseudonymising, in line with our commitment to comply with the GDPR.; ; Additionally required data (metadata) can be returned to the client within a set time period as defined in the Terms and Conditions.; ; In the first instance there are no charges for the return of data or switching off the service at the end of the contract, however additional data may be charged at a fair rate where required.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile service provides a subset of functions, specific to tasks that would be performed and are acceptable to update via a mobile device. ; The desktop (web based) service provides more comprehensive functionality and reporting, however the mobile service provides all the functionality required for the scenarios it is intended to be used for.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: API links through Wonde are in place to push and pull data between EveryHR and MIS systems. The level of detail and data pulled/pushed is dependant on the MIS system and their links with Wonde.
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Various parts of the system can be customised by the admin users, such as product branding, including webpage, report logos and titles. Key data categories can be customised such as user groups, access levels and certain system notifications, product branding (such as user groups, access levels, data partitioning groups) and certain system notifications (such as emails).; All the items listed above can be customised by user administrators in the settings part of the system.

Scaling

• Independence of resources: The service is provided by load balanced web servers with regional failover.; The performance and infrastructure of the software is monitored 24/7 and there is the possibility for more servers to be available on demand if required.

Analytics

• Service usage metrics: Yes
• Metrics types: We continuously monitor system performance based on a few factors, such as page loading time and query return performances. Analytics are made available to customers in the form of charts, graphs and tables.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users are able to export data through a variety of inbuilt reports in Word or Excel formats. More detailed exports can be requested and Every will endeavour to meet these requests in a timely manner.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Word
  • Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Guaranteed availability is 99.5% annually. Actual achieved availability is at 99.99%.
• Approach to resilience: The system is hosted within a UK data centre, with separate, load-balanced web and database servers.; ; Redundant Internet links, network connectivity and a multi-DC provider strategy reduce the risk from data centre failure.; ; All local disk arrays are RAID10 for additional resilience and all hosts and core networking devices are dual powered. Our host data centres are supported by at least N+1 electrical infrastructure with at least dual geographically redundant network feeds. The hosts also maintain an ISO 27001 managed Business Continuity and Disaster Recovery plan at a corporate level that seeks to ensure the maximum availability and integrity of service delivery, support and communications.; ; Catastrophic failure should result in downtime of no longer than 30 minutes.
• Outage reporting: Planned service outages are notified to customers at least two weeks in advance by both messages within the system and by email.; Unplanned or emergency outages are notified to the customer by email.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access is limited to authorised personnel, as required solely to fulfil their role. ; Customer permission must be given before any user data is accessed and all management interfaces and support channels are fully audited.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Security governance is driven from board level and is fundamental part of all processes. We comply with Cyber Security Essentials.; There are policies and procedures in place covering: Information Security, GDPR, Acceptable Use, Stored Data, Access Control, Data in Transit, Physical Security, Disposal of stored data, System protection, software development and testing. These are issued to, tracked and followed by all personnel.; Internal and external training is provided on an annual basis and reinforced quarterly.
• Information security policies and processes: IRIS operates using a full suite of policies and procedures, including but not limited to:; IRIS Group Data Protection Policy ; IRIS Information Security and Acceptable Use Policies Summary ; IRIS Data classification and handling policy; Personal data incidents reporting procedure; Engineering Personal Data Breach Policy

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes are tracked and monitored through the development / release cycle. All components are unit tested, manual tested and release tested prior to release. Regular automated penetration tests are run on test servers with release code, prior to release.; Tracking is recorded and monitored through project and issue management tools.; All component changes go through a formal process of scoping, specification, implementation, regression testing and release.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We follow the OWASP guidelines including security testing on our product for the OWASP Top 10 vulnerabilities.; In addition to our development procedures, the application is automatically penetration tested using software penetration testing tools at each major release. It is also penetration tested annually using a CREST accredited security company.; Our hosting environment is penetration tested on a monthly basis.; Patches are generally deployed immediately after they are approved for release, or as soon as practicable (after they are approved for release) in other cases.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Protective monitoring is provided covering both hardware/software failure and system attack/compromise.; Intrusion detection systems monitor system changes, as well as providing a comprehensive audit trail of changes.; Additionally, the system and applications are monitored live for availability and/or failures.; Audit trails and monitoring tools are used to identify issues or potential compromises.; Notifications are provided to key members of staff and prioritised accordingly. Target incident response time is immediate or as close to as possible.
• Incident management type: Supplier-defined controls
• Incident management approach: The incident management process is defined formally in the Information Security policy.; Users report incidents or suspected incidents to the internal service desk and these are then reviewed by one of the information security team. All calls, emails or live chat records are logged and tracked until closure.; Tickets are dealt with or escalated to the appropriate level (including board level) as appropriate.; In the case of major incidents a major incident report will be produced. For minor or non-incidents, feedback will be given to the users directly.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Equal opportunity
  • Wellbeing

  Equal opportunity

  We are committed to ensuring equal opportunities at IRIS. Our CEO, Elona Mortimer-Zhika, celebrates diversity in our workplace and expects the culture and environment of IRIS to be based on mutual respect and free from discrimination. We are committed to delivering a competitive and fair employment environment. We put equality, diversity, and inclusion at the forefront of our decisions, monitor progress, take action to continually improve, and be transparent with our findings. We have a zero-tolerance approach to discrimination based on protected characteristics and any allegations of discrimination will be dealt with in line with our Disciplinary policies. We have several wellbeing groups, including Unique which provides support for physical or mental health conditions or neurodivergent people. We provide a variety of training schemes to all employees, regardless of any protected characteristic, and encourage progression through our organisation.; ; We are passionate about gender equality and are committed to building a diverse workforce. We have continued to invest in our range of programmes to support gender equality and support the women of IRIS so they can reach their full potential. These initiatives ensure that we continue to focus on making IRIS a great place to work, enable our people to flourish, improving gender pay equality and providing equal opportunity for all. IRIS Groups championing of women in leadership has been recognised as a Great Place to Work for Women. The executive team comprises of three female leaders and 11 male leaders. ; Our Modern Slavery Policy sets out the ways in which we identify and manage the risks of modern slavery as a business, including risk assessment, risk mitigation and staff training. IRIS reviews all material suppliers and assesses whether any risks of slavery or human trafficking arise.

  Wellbeing

  We are committed to engaging, supporting and empowering our workforce. We create an environment where they feel part of a team; from regular global company updates to social evenings and charity events. We’re a UK Best Workplaces™ for Wellbeing. We have over 40 Mental Health First Aiders, have a weekly workplace support group and offer a free Employee Assistance Programme and bereavement counselling. We have several wellbeing groups and celebrate diversity. We offer colleagues a cycle scheme, private medical insurance and reduced gym memberships. We hold company fitness challenges and provide free fitness sessions. We’re proud to be a Real Living Wage employer, provide UK cost of living support, offer a tech and car scheme and give access to money coaches, workplace ISAs and pension, life assurance and critical illness cover. We seek our employees feedback on benefits that matter to them.; We give our employees three ‘Giving Back’ days a year on top of their annual holiday entitlement to support local community and national charitable cause. Employees are encouraged to actively give their time and skills to fundraise for a charity of their choice and volunteer on community projects, including being a school governor, charity trustee, reading with school children through the Benchmark scheme, mentoring in schools and running money management courses, both externally in conjunction with charities and schools, as well as internally with IRIS employees.

Pricing

• Price: £1,526.00 a licence a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at BidTeam@iris.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.