Alphatec Software Ltd

Timebox - Cloud Hosted, Time Recording and Expenses Management copy

Alphatec Software's Timebox is an award winning time recording and expenses SaaS solution, that will help you manage time spent and expense costs in dealing with directorates, clients, shared services, departments, cases, projects and activities. This helps with staff productivity, staff well-being and resource efficiency.

Features

• Analyse time spent on individual clients, cases and services
• Analyse time spent with shared services, departments or business sectors
• Understand the true cost of dealing with claims/cases
• Ensure you are maximising efficiencies from staff
• Understand true cost and profit of the services provided
• Input, Calculate and Monitor Expenses
• Record time and expenses remotely, using smartphone or tablet devices
• Record training, sickness and holidays
• Provide accurate detail of work completed
• Real-time reporting

Benefits

• Supports agile/home working and hot desking
• Improve process, productivity and performance and work on any device
• Real-time visibility and reporting on all time and expense costs
• Monitor departmental and project level budgeting and variance
• Resource planning and individual cost control
• Detailed explanation of work carried out to client and department
• Timebox is configurable to your organisations structure and terminology
• Timebox is continually enhanced to meet your needs
• Understand the true profit/contribution of your Department
• Leading edge reporting capabilities

£12.63 to £15.63 a licence a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sdavies@alphatec.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

324161587955309

Contact

Simon Davies
01327 342 299
sdavies@alphatec.net

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements:
  • Users must have access to a web browser
  • Users should have access to a PDF viewer
  • Users should have access to a Excel viewer

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Acknowledgement will be within the hour and resolution is typically within one hour of acknowledgment. Standard support is only available during UK office hours Monday to Friday
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide a single level of support for all users. Support is included in the subscription cost. Each account is allocated a primary account manager and primary support contact. SLA 1-Critical Problems causing hosted downtime Initial response within 15 minutes of notification of error for 95% of errors, initial response within 30 minutes for remainder of errors Fix strategy communicated within 4 working hours of notification of error Solution or work-around within 0.5 working days for 90% of errors SLA 2-Problems causing hosted downtime or severe service degradation Initial response within 15 minutes of notification of error for 95% of errors, initial response within 30 minutes for remainder of errors Fix strategy communicated within 4 working hours of notification of error Solution or work-around within 1 working day for 90% of errors SLA 3-Non-Critical Problems Initial response within 4 working hours of notification of error for 95% of errors Fix strategy communicated within 1 working day of notification of error Solution or work-around within 2 working days for 90% of errors SLA 4-Minor Problems Initial response within 1 working day of notification of error for 95% of errors Solution or work-around within 4 working days for 90% of errors
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Alphatec use our expertise in dealing with hundreds of organisations to help guide new accounts through the process of configuring and setting up their account in order to gain maximum benefit. ; ; As part of the implementation process. we provide onsite training or online training depending on the organisations preference.; ; There is also user documentation available as well.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: The standard Timebox reports allow users to extract their information if they wish. If the users want the information in a specific format to ease with migration to a new platform, we are happy to provide the consultancy to facilitate this.
• End-of-contract process: At the end of the contract the user is required to give notice of wishing to end the contract. At that point in time we will start discussions with them to agree a date when they want us to supply their information to allow them to have a seamless transition. We will then discuss the informational needs and will supply them with their information on the day they want it delivered and once they confirmed receipt of the information, we will revoke their access to the account. If they would like us to, we will hold their data on the system for up to 30 days, so as to allow them to ensure they have everything they need for moving forward and we will then confirm with them that we are going to delete their information from Timebox permanently. The information will then be deleted. At all stages we will work with the client to help ensure the move is as simple and easy for them as possible.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile and desktop services are identical and the system user interface is fully responsive so that the screen rendering takes account of the size and form factor of the mobile device being used.; ; Mobile: Timebox runs on:; iPhone; Android Smart Phones – E.G. Samsung; Windows Phones; Windows Tablets; iPad; Android Tablets; Running modern supported versions of the appropriate Windows, Android and iOS Operating systems.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The Service interface provides a simple, easy to use interface and user dashboard to allow you to track staff time, costs, expenses and income in relation to all services, projects and activities carried out - whether in relation to a client, case or claim. ; ; As well as this, individual users can use their dashboard, to track time spent on clients, services and activities over a given period.; ; The system provides a fully responsive web interface to the service, a management and user dashboard service interface and a mobile specific service interface for the entering of time and expenses.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: The system was developed with the Kendo UI control suite which supports WCAG 2.1AA and AAA
• API: Yes
• What users can and can't do using the API: The current API is limited to the inclusion of clients and income
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Admin users can add their own activities in the system set-up area of Timebox. They can also add their own services, clients, departments, users and expense types.; Alongside these facilities, they can also set up "tags", to associate clients or departments together to monitor time, expense and income costs.; There is also a specific project area, to allow users to track budgeted project costs against actual costs based on time costs. ; ; The words client and department have been used in the description above but Timebox even allows you to define the naming of the organisational structure - e.g. this could just as easily be directorate and section or service and department if Timebox is implemented in a small part of the organisation.

Scaling

• Independence of resources: Resource utilisation is monitored and flexed to ensure the system operates quickly and smoothly for all users.

Analytics

• Service usage metrics: Yes
• Metrics types: Users can themselves report on the various metrics including time spent with clients, on cases, on projects and on an individual user by user basis as well.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
• Other data at rest protection approach: In addition to the above, the databases are all encrypted with TDE and even within the databases, secure data such as password credentials are further encrypted.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export their data in a number of ways including Excel, PDF and CSV (simplified excel)
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel: import only available as part of new account setup

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: We also implement a number of additional security measures to ensure security of both the system, the communication and the users data. e.g. we implement secret key authentication on all pages to protect users from cross site scripting. All data is encrypted over HTTPS.
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The applications are monitored 24 hours a day, 365 days a year, with 24 hour support at network, developer and DBA level.; ; We guarantee 99.9% up time. We do not provide refunds.
• Approach to resilience: This information is available on request
• Outage reporting: Through our web site, e-mail alerts and Twitter/X.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
• Other user authentication: Username, Password and a unique Account ID known only to the users of the account
• Access restrictions in management interfaces and support channels: Access to management modules is secured and access to the individual modules, can be defined by a system admin user on a user by user basis.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: CDL Group
• ISO/IEC 27001 accreditation date: 31/03/2024
• What the ISO/IEC 27001 doesn’t cover: There are no exemptions in relation to the service listed on the framework.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO 9001:2008
  • ISO 2000:2011
  • ISO 14001:2004
  • Cyber Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our Information Security policies and processes are all ISO 27001 certified. As well as the above, all releases are subject to security assessments based on the following criteria:; a) New or Major Application Release – will be subject to a full assessment prior to approval of the change control documentation and/or release into the live environment.; b) Third Party components – will be subject to full assessment after which it will be bound to policy requirements.; c) Point Releases – will be subject to an appropriate assessment level based on the risk of the changes in the application functionality and/or architecture.; d) Patch Releases – will be subject to an appropriate assessment level based on the risk of the changes to the application functionality and/or architecture.; e) Emergency Releases – An emergency release will be allowed to forgo security assessments and carry the assumed risk until such time that a proper assessment can be carried out. Emergency releases will be designated as such by a Director or appropriate manager who has been delegated this authority.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All change management is managed through our change management system Jira and Confluence. ; ; All source changes are managed through source control.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We have external and internal vulnerability scans. These are run twice a week and any critical or high issues found are resolved as they arise, medium are planned for deployment or patching along with the frequent upgrade deployment. The system also runs immediate zero day threat analysis and reporting for any new or emerging threats. Service packs and patches are applied once their impact on applications and users has been assessed and tested. The information for the issues, service packs and patches comes from the internal and external vulnerability scans that run twice a week.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We have threat detection and DDoS protection within the datacentre and also have the application configured to provide logging and automatic notification of both errors and unauthorised behaviours.
• Incident management type: Supplier-defined controls
• Incident management approach: Users can report incidents by e-mail or by telephone to our support team. We have documented processes in place for common events (e.g. user access etc).; All support incidents are logged in Jira our incident management system and tracked through the SCRUM broads.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Timebox is a hosted solution accessible from anywhere with an internet connection and on any device. Being hosted, means that users do not need any servers to benefit from using the system, so this is a saving in both power and space usage. Being hosted, allows for users to access the system from home, so they don't have to drive into their offices to use Timebox, which again, is a further environmental benefit, as they are not using their vehicles and producing exhaust fumes. We operate a hybrid working policy, so staff do not need to drive into the office every day and work from home, so again offering an environmental benefit from lower vehicle usage. We have very few suppliers and those that we do use, have detailed climate polices in place and are 100% carbon neutral.

  Covid-19 recovery

  As is with some of our other responses, as Timebox is a truly hosted solution, it can be accessed on most modern web browsers and on any device with access to the internet. If a user is instructed to work from home and no longer needs to go into the office, all they need to do, is use an internet enabled device to log on to Timebox and continue to work on whatever they may have been doing whilst at their offices.; ; Being web-based means that those staff who are still shielding or are concerned in being around others/in an office, can easily work from home/remotely, which in turn also helps with staff on-going costs, as their travel is reduced.

  Tackling economic inequality

  Timebox is an extremely cost-effective time and expense recording system, that can be used to manage and report on all time spent on work related activities and any expenses relating to these. ; ; The system is continually enhanced with feedback from our extensive list of users in lots of business sectors. These continual developments mean that clients are future proofing themselves with new ways of working to increase their productivity and decrease costs.

  Equal opportunity

  When any new employee joins the business, we have several policies in place to ensure that they are treated fairly and have the same equal opportunities as everyone already working within the company. These policies are regularly reviewed and cover lots of different areas and are accessible for all staff members to access and read at their leisure. A full explanation of the staff handbook containing all policy documents is explained during staff inductions and a reminder during staff 1:2:1’s and annual appraisals. The employee appraisal forms that are completed during each employee appraisal, detail performance matrices and employee/manager feedback as below: Job Knowledge Work Quality Productivity Key Strengths Attendance and Punctuality Dependability Communication Skills Teamwork Working with Others Kay Areas of Success and Improvement Training and Development Action Plan Feedback Summary These sessions allow each manager and employee to have a detailed discussion around their working life within the company and their on-going personal development. The policy documentation folder is open to all employees to read any of the detailed Alphatec policies as and when they would like to update themselves. Our systems are also WCAG 2.1 AA compliant, to allow for those employees with certain disabilities to work for Alphatec and not be excluded. The offices are also wheelchair enabled, with ramped access, large height adjustable desks and toilet facilities. Staff are encouraged to develop themselves for the benefit of both themselves and the company and regular training is offered and given as is requested or regulations require.

  Wellbeing

  We value the wellbeing of all our employees within the company, and strive to create: • A better workplace environment • Happier employees who are more confident and able to express their feelings and ideas • Increased productivity, efficiency, and motivation • Minimise the risk of burnout • Improved staff retention The key areas that our wellbeing policy covers are: • Physical & Mental Health, and ensuring a safe working environment • Creating a culture that encourages people to value and maintain a good work/life balance i.e. taking regular screen breaks, taking their holidays, not working excessive hours etc., • Communicate positive values & principles that staff can buy into and be proud to be associated with • Create an open-door environment and facilitate healthy relationships between all employees based on trust and respect • Help staff to grow within their roles by providing relevant training and career progression, and recognise and appreciate everyone for their contribution • Encourage good lifestyle choices e.g., lunchtime walking, cycle to work schemes etc., • Provide incentives, recognition, and rewards to retain staff and make them feel good One of the key points to this policy and what we endeavor to remember is looking after the wellbeing of our teams is like an investment in them, and our reward for it, will be fresher employees, who feel looked after and valued, typically resulting in them producing better work.

Pricing

• Price: £12.63 to £15.63 a licence a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sdavies@alphatec.net. Tell them what format you need. It will help if you say what assistive technology you use.