EPI-USE Ltd

SAP SuccessFactors Cloud HR, Talent Management and Payroll

The provision and hosting of HR, Talent Management and Payroll SaaS software. SAP SuccessFactors HR and Payroll is a cloud-based HR solution that streamlines core HR tasks, automates payroll, and empowers employees with self-service options, all on a user-friendly platform.

Features

• Mobile access
• Real-time reporting
• Employee engagement
• Integrated processes
• Integrated reporting
• Real-time payroll & payroll variance support tools
• Social learning
• Employee wellbeing
• Employee collaboration
• PRISM migration for upgrading SAP Payroll to SAP ECP

Benefits

• Enable employee empowerment by providing access to processes on mobile-platforms.
• Adapt processes as needs change, ensuring flexibility and efficiency.
• Stay legally compliant with routine updates, ensuring continual adherence.
• Implement industry-leading processes as standard operational procedures.
• Enhance reporting via access to real-time-data for continuous process improvement.
• Optimise operations by streamlining tasks, thereby cutting costs and errors.
• Boosts productivity via centralised-data management for streamlined operations/reliability.
• Highly configurable/adaptable to various business scenarios with custom rules.
• Ensures effective safeguarding of sensitive data via high cybersecurity.
• Boost productivity with user-friendly SaaS, enabling HR-focused strategies.

£0.75 to £4.70 a user a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at kirsty.chatfield@epiuse.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

395574698965551

Contact

Kirsty Chatfield
07507 337795
kirsty.chatfield@epiuse.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: There are software maintenance updates that are required from time to time, and these are published in advance. These updates may require the service to be taken down for periods of time. However, notifications of these updates are provided.
• System requirements:
  • Licence is based on named users
  • Recommended mobile and desktop browsers and operating systems
  • Various bandwidth requirements are recommended

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We provide Service Level Agreements, split by priority levels, support hours are between 8 am to 6 pm, Monday to Friday, excluding Bank Holidays.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We supply a single level of support that is based on Business As Usual (BAU) support, Continuous Improvement and emergency fix. The cost is based on a ticket price. One ticket is used irrespective of the length of time required to fix the issue.; ; You will be assigned a dedicated support manager.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide e-learning prior to the implementation of the software, documentation, user and administration guides can be accessed online and downloaded if desired. There is an online community where materials and questions can be posted.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: SAP SuccessFactors provide files which are made available to clients when the contract ends. These files are placed in a secure area which the client controls.
• End-of-contract process: One the contract is reaching its end, the client will be notified that the data will need to be moved to another safe area. SAP does not own the data. SAP will liaise with the client to extract the data to a secure area. Once there, the client is responsible for the data.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile is designed for your 10-second tasks and provides a trimmed down version of the desktop functionality. SuccessFactors offers responsive design for mobile users.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Please see the link below. ; ; https://apps.support.sap.com/sap/support/knowledge/public/en/2613670
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Systems administrators (when trained) can add fields, hide fields, change and create workflows, themes, create and run their own reports. These are role-based permissions.

Scaling

• Independence of resources: SAP has a monitoring process which load balances and monitors memory and disk usage. Extra resources are then applied as necessary.

Analytics

• Service usage metrics: Yes
• Metrics types: Out of the box reports include a broad range like user log-in stats, audit trail.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: SAP SuccessFactors

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported as a flat file, CSV, excel format.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: SLA is 99.5% System Availability percentage during each Month for productive versions. Credits are 2% of Monthly Subscription Fees for each 1% below System Availability SLA, not to exceed 100% of Monthly Subscription Fee
• Approach to resilience: Available on request.
• Outage reporting: SuccessFactors will send announcement and completion email notifications for all planned and emergency or short notice maintenance events. The information is also available via the Cloud Availability Center. Systems administrators have access and control of who is notifies of outages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: For the infrastructure part of the service, remote access is via a Bastion Server, to access this authorized personnel must use SSH VPN. 2-Factor authentication is required at the Jump Host, requiring both named network credentials (no guest accounts or shared accounts used) and an RSA soft token.; For customer administrators access to SAP SuccessFactors is via TLS 1.2 using AES 256bit encryption only
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: PWC
• ISO/IEC 27001 accreditation date: 31/5/2018
• What the ISO/IEC 27001 doesn’t cover: No available unless an NDA is in place.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO 27017: 2015
  • ISO 27018: 2019
  • BS10012: 2017
  • ISO 9001:2015

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Full details of security policies and processes are available at https://www.sap.com/about/trust-center/security.html . This link will direct you to the most recent set of documents and policies.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We apply all changes to our hosted infrastructure, whether planned or unplanned, with a formal Change Management policy in place, so that all planned product updates, planned and unplanned defect corrections, and planned and unplanned security patches do not adversely affect the customer experience. Every change to information resources such as operating systems, computing hardware, networks, applications, and databases is subject to the Change Management Policy and must follow change management procedures.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: SAP regularly conducts vulnerability scans and penetration tests of the services offered. In addition, SAP engages 3rd party penetration tester to validate the security of the cloud services offered. According to security controls are defined and are subject to regular compliance audits.; Emergency patches will be deployed within 24hrs of assessment.; SAP will use an adequate internal or external advisory service for information about new security threats and vulnerabilities of the Cloud service stack. Adequate controls and measures are established for analysing relevant security threats and vulnerabilities, risks are assessed, and countermeasures are developed and deployed where relevant.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: SAP has a policy in place to ensure information security and data protection. SAP takes a holistic approach to information security, implementing a multi-layered defence at all the touchpoints in the information flow—both the physical and logical, applied across the database, middleware, application, and network and communication layers—to offer complete data privacy, transparency, and audit controls.; The security incident management process at SAP is aligned with ISO/IEC 27035:2011 principles. SAP has Security Information and Event Management systems (SIEM) for analysis, reporting and alerting.; The SIEM system is monitored 24/7 and security incidents are responded to immediately.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: This process is triggered when the Incident Reporter (customer or an SAP employee) reports an issue via phone or online ticket. The incident is subsequently recorded and prioritized in the incident tracking system.; Once an incident is reported to SAP, it is first assigned to a Support Engineer who provides an initial response, validates the incident’s contents, and verifies the component along with the priority by considering the reported urgency, business impact, Service Level Agreements, contracts and processing times.; Incidents are reported back as tickets.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our organisation boasts a largely home-based workforce, a setup inherently conducive to maintaining a commendably low carbon footprint. This structure not only aligns with contemporary trends favouring remote work but also underscores our commitment to environmental responsibility. Unlike many companies, we have forgone the implementation of a company car scheme, recognising the environmental impact associated with traditional commuting methods. Instead, we actively promote the use of public transportation among our colleagues, encouraging them to opt for eco-friendly modes of travel whenever possible, especially when attending meetings or other professional engagements.; ; Acknowledging the significance of face-to-face interaction in fostering strong professional relationships and collaboration, we nonetheless acknowledge the environmental implications of excessive travel. To strike a balance between these competing priorities, we have embraced the widespread adoption of virtual meetings within our organisational culture. By leveraging technology to facilitate remote collaboration, we effectively bridge geographical divides while significantly reducing our carbon footprint.; ; Moreover, our commitment to environmental stewardship extends to our approach to team training days. Recognising the potential environmental impact associated with organising large-scale events that necessitate travel, we have implemented a dual approach to attendance. Colleagues are given the flexibility to choose between attending these training sessions in person or remotely, depending on their individual circumstances and preferences. By accommodating both options, we not only ensure that every team member has access to essential training and development opportunities but also mitigate the environmental impact of these gatherings.; ; In essence, our organisational ethos revolves around striking a delicate balance between fostering meaningful face-to-face interactions and leveraging technology to minimise our environmental footprint. Through these concerted efforts, we demonstrate our unwavering commitment to sustainability while simultaneously embracing the benefits of modern work practices.

  Covid-19 recovery

  In response to the ongoing challenges posed by the COVID-19 pandemic, EPI-USE has implemented a comprehensive strategy aimed at promoting the well-being and productivity of our workforce while ensuring long-term resilience and adaptability. Central to our approach is the adoption of a company-wide work-from-home policy, a measure designed to prioritise the safety and health of our employees by minimising the risk of virus transmission in traditional office settings. By encouraging remote work, we not only adhere to recommended social distancing guidelines but also demonstrate our commitment to supporting public health initiatives.; ; However, we recognise that prolonged isolation and remote work arrangements may give rise to feelings of loneliness and disconnection among our staff. To address this concern, we have devised a proactive scheme aimed at fostering interpersonal connections and facilitating face-to-face interactions. Through this initiative, employees are afforded the opportunity to convene in a controlled office environment periodically, enabling them to engage in meaningful exchanges with their geographically local colleagues. This structured approach not only helps alleviate feelings of isolation but also promotes a sense of camaraderie and teamwork essential for maintaining morale and productivity.; ; Furthermore, we understand the importance of ongoing professional development and collaboration in driving organisational success. We continue to host regular training days to equip our staff with the skills and knowledge necessary to thrive in an evolving business landscape. To accommodate diverse preferences and circumstances, colleagues are given the flexibility to choose between attending these sessions in person or participating remotely. By offering both options, we ensure that every team member has access to valuable learning opportunities while also respecting individual preferences regarding work arrangements.; ; Our COVID-recovery approach is characterised by a commitment to prioritising employee well-being, fostering meaningful connections, and promoting flexibility and adaptability in the face of uncertainty.

  Tackling economic inequality

  As a proud member of Group Elephant, EPI-USE is deeply invested in safeguarding the enduring existence of elephants and rhinos in their natural habitats. Group Elephant, operating as a not-for-profit organisation, is dedicated to actively ensuring the long-term welfare of these majestic creatures. A fundamental aspect of this commitment involves collaborating closely with local communities to initiate conservation projects aimed at bolstering economic conditions in these regions.; ; At the heart of our approach lies the recognition that sustainable conservation efforts must go hand in hand with socio-economic development. By partnering with local communities, we endeavour to implement projects that not only protect the habitats of elephants and rhinos but also uplift the livelihoods of those who inhabit these areas. Through initiatives such as eco-tourism ventures, sustainable agriculture programs, and community-based enterprises, we strive to create avenues for economic growth that are in harmony with wildlife conservation objectives.; ; A distinctive feature of our partnership with Group Elephant is our commitment to channelling a portion of our project net revenues directly to the organisation. Specifically, 1% of all net revenues generated from our projects is allocated to Group Elephant, thereby providing essential financial support for their conservation initiatives. This ensures that our efforts to protect wildlife are complemented by tangible contributions toward broader conservation goals.; ; Furthermore, our collaboration with local communities extends beyond the implementation of conservation projects. We actively engage with community members to understand their needs and aspirations, thereby ensuring that our interventions are tailored to address specific challenges and opportunities. Through capacity-building initiatives, skills development programs, and the promotion of sustainable livelihood practices, we empower local residents to become stewards of their natural heritage while fostering economic resilience and self-reliance.

  Equal opportunity

  At EPI-USE, we uphold a steadfast commitment to equal opportunity, recognising and valuing the unique attributes and potential of every individual. Our approach is rooted in fairness and inclusivity, ensuring that each colleague has equitable access to resources and support needed to excel in their roles.; ; Central to our ethos is the principle of meritocracy, where individuals are evaluated based on their skills, capabilities, and contributions rather than extraneous factors. We strive to create a level playing field for all colleagues, fostering an environment where talent and effort are the primary determinants of success.; ; To uphold our commitment to equal opportunity, we actively engage in assessing the needs of each individual, tailoring support and resources to ensure they have the tools necessary to thrive in their respective roles. Whether it's providing specialised training, access to technology, or additional support, we prioritise meeting the unique needs of each colleague to enable their professional growth and success.; ; Moreover, we cultivate a culture of openness and transparency within our organisation, where colleagues are encouraged to voice any concerns or feedback they may have. By fostering an environment where communication is valued and respected, we empower individuals to express themselves freely and contribute to the continuous improvement of our practices and policies.; ; Through our unwavering commitment to equal opportunity, we strive to create an inclusive workplace where diversity is celebrated, and every individual has the opportunity to reach their full potential. By valuing and respecting the differences among us, we not only enrich our organisational culture but also drive innovation, creativity, and success.

  Wellbeing

  We recognise that paying attention to workplace Mental Health has never been more important and support the Mental Health at Work Commitment. We will avail ourselves of the resources at Mental Health at Work website created by the Government in partnership with Mind - https://www.mentalhealthatwork.org.uk

Pricing

• Price: £0.75 to £4.70 a user a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at kirsty.chatfield@epiuse.com. Tell them what format you need. It will help if you say what assistive technology you use.